From dacd1d800376c51df71f3391f4216a0f9182441d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:58:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0020.json | 200 ++++++++++++------------- 2005/0xxx/CVE-2005-0156.json | 260 ++++++++++++++++----------------- 2005/0xxx/CVE-2005-0374.json | 150 +++++++++---------- 2005/0xxx/CVE-2005-0487.json | 140 +++++++++--------- 2005/1xxx/CVE-2005-1098.json | 140 +++++++++--------- 2005/1xxx/CVE-2005-1705.json | 210 +++++++++++++------------- 2005/3xxx/CVE-2005-3489.json | 170 ++++++++++----------- 2005/3xxx/CVE-2005-3621.json | 170 ++++++++++----------- 2005/3xxx/CVE-2005-3781.json | 180 +++++++++++------------ 2005/3xxx/CVE-2005-3829.json | 150 +++++++++---------- 2005/4xxx/CVE-2005-4289.json | 130 ++++++++--------- 2005/4xxx/CVE-2005-4466.json | 190 ++++++++++++------------ 2005/4xxx/CVE-2005-4783.json | 180 +++++++++++------------ 2005/4xxx/CVE-2005-4892.json | 34 ++--- 2009/0xxx/CVE-2009-0126.json | 200 ++++++++++++------------- 2009/0xxx/CVE-2009-0344.json | 170 ++++++++++----------- 2009/0xxx/CVE-2009-0860.json | 150 +++++++++---------- 2009/0xxx/CVE-2009-0897.json | 140 +++++++++--------- 2009/0xxx/CVE-2009-0916.json | 210 +++++++++++++------------- 2009/1xxx/CVE-2009-1494.json | 170 ++++++++++----------- 2009/3xxx/CVE-2009-3227.json | 140 +++++++++--------- 2009/3xxx/CVE-2009-3413.json | 130 ++++++++--------- 2009/3xxx/CVE-2009-3482.json | 140 +++++++++--------- 2009/3xxx/CVE-2009-3592.json | 140 +++++++++--------- 2009/3xxx/CVE-2009-3900.json | 190 ++++++++++++------------ 2009/4xxx/CVE-2009-4301.json | 220 ++++++++++++++-------------- 2009/4xxx/CVE-2009-4648.json | 140 +++++++++--------- 2009/4xxx/CVE-2009-4992.json | 120 +++++++-------- 2012/2xxx/CVE-2012-2121.json | 220 ++++++++++++++-------------- 2012/2xxx/CVE-2012-2211.json | 140 +++++++++--------- 2012/2xxx/CVE-2012-2332.json | 180 +++++++++++------------ 2012/2xxx/CVE-2012-2343.json | 34 ++--- 2012/2xxx/CVE-2012-2957.json | 150 +++++++++---------- 2012/6xxx/CVE-2012-6362.json | 34 ++--- 2015/0xxx/CVE-2015-0363.json | 150 +++++++++---------- 2015/0xxx/CVE-2015-0923.json | 120 +++++++-------- 2015/1xxx/CVE-2015-1400.json | 150 +++++++++---------- 2015/1xxx/CVE-2015-1509.json | 34 ++--- 2015/1xxx/CVE-2015-1613.json | 120 +++++++-------- 2015/1xxx/CVE-2015-1747.json | 150 +++++++++---------- 2015/1xxx/CVE-2015-1770.json | 140 +++++++++--------- 2015/1xxx/CVE-2015-1921.json | 140 +++++++++--------- 2015/5xxx/CVE-2015-5077.json | 34 ++--- 2015/5xxx/CVE-2015-5126.json | 34 ++--- 2015/5xxx/CVE-2015-5183.json | 140 +++++++++--------- 2015/5xxx/CVE-2015-5478.json | 34 ++--- 2018/11xxx/CVE-2018-11474.json | 120 +++++++-------- 2018/11xxx/CVE-2018-11703.json | 120 +++++++-------- 2018/3xxx/CVE-2018-3087.json | 142 +++++++++--------- 2018/3xxx/CVE-2018-3426.json | 34 ++--- 2018/3xxx/CVE-2018-3478.json | 34 ++--- 2018/3xxx/CVE-2018-3578.json | 122 ++++++++-------- 2018/3xxx/CVE-2018-3965.json | 122 ++++++++-------- 2018/7xxx/CVE-2018-7959.json | 120 +++++++-------- 2018/8xxx/CVE-2018-8268.json | 34 ++--- 2018/8xxx/CVE-2018-8616.json | 34 ++--- 2018/8xxx/CVE-2018-8650.json | 130 ++++++++--------- 2018/8xxx/CVE-2018-8722.json | 120 +++++++-------- 58 files changed, 3850 insertions(+), 3850 deletions(-) diff --git a/2005/0xxx/CVE-2005-0020.json b/2005/0xxx/CVE-2005-0020.json index 08e14738586..de1bd9eb475 100644 --- a/2005/0xxx/CVE-2005-0020.json +++ b/2005/0xxx/CVE-2005-0020.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-641", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-641" - }, - { - "name" : "MDKSA-2005:010", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:010" - }, - { - "name" : "12274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12274" - }, - { - "name" : "13049", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13049" - }, - { - "name" : "1012957", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012957" - }, - { - "name" : "13828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13828" - }, - { - "name" : "13890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13890" - }, - { - "name" : "13898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13898" - }, - { - "name" : "playmidi-bo(18933)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:010", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:010" + }, + { + "name": "13828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13828" + }, + { + "name": "1012957", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012957" + }, + { + "name": "12274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12274" + }, + { + "name": "13898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13898" + }, + { + "name": "playmidi-bo(18933)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18933" + }, + { + "name": "DSA-641", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-641" + }, + { + "name": "13890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13890" + }, + { + "name": "13049", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13049" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0156.json b/2005/0xxx/CVE-2005-0156.json index a92ca474f5f..0cbdfbc2f71 100644 --- a/2005/0xxx/CVE-2005-0156.json +++ b/2005/0xxx/CVE-2005-0156.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050207 DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110779721503111&w=2" - }, - { - "name" : "http://www.digitalmunition.com/DMA[2005-0131b].txt", - "refsource" : "MISC", - "url" : "http://www.digitalmunition.com/DMA[2005-0131b].txt" - }, - { - "name" : "CLSA-2006:1056", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056" - }, - { - "name" : "FLSA-2006:152845", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "GLSA-200502-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml" - }, - { - "name" : "MDKSA-2005:031", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031" - }, - { - "name" : "RHSA-2005:103", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-103.html" - }, - { - "name" : "RHSA-2005:105", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-105.html" - }, - { - "name" : "2005-0003", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0003/" - }, - { - "name" : "20050202 [USN-72-1] Perl vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110737149402683&w=2" - }, - { - "name" : "12426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12426" - }, - { - "name" : "oval:org.mitre.oval:def:10803", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803" - }, - { - "name" : "14120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14120" - }, - { - "name" : "55314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55314" - }, - { - "name" : "perl-perliodebug-bo(19208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050207 DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110779721503111&w=2" + }, + { + "name": "http://www.digitalmunition.com/DMA[2005-0131b].txt", + "refsource": "MISC", + "url": "http://www.digitalmunition.com/DMA[2005-0131b].txt" + }, + { + "name": "12426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12426" + }, + { + "name": "RHSA-2005:105", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-105.html" + }, + { + "name": "14120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14120" + }, + { + "name": "2005-0003", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0003/" + }, + { + "name": "RHSA-2005:103", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-103.html" + }, + { + "name": "oval:org.mitre.oval:def:10803", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803" + }, + { + "name": "55314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55314" + }, + { + "name": "20050202 [USN-72-1] Perl vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110737149402683&w=2" + }, + { + "name": "CLSA-2006:1056", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056" + }, + { + "name": "FLSA-2006:152845", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "MDKSA-2005:031", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031" + }, + { + "name": "perl-perliodebug-bo(19208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19208" + }, + { + "name": "GLSA-200502-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0374.json b/2005/0xxx/CVE-2005-0374.json index bcfcb0b0b8d..d70f53aaa05 100644 --- a/2005/0xxx/CVE-2005-0374.json +++ b/2005/0xxx/CVE-2005-0374.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050112 Security Advisory: BiTBOARD xss", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110555988111899&w=2" - }, - { - "name" : "12248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12248" - }, - { - "name" : "1012864", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012864" - }, - { - "name" : "bitshifters-bitboard-xss(18871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050112 Security Advisory: BiTBOARD xss", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110555988111899&w=2" + }, + { + "name": "bitshifters-bitboard-xss(18871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18871" + }, + { + "name": "12248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12248" + }, + { + "name": "1012864", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012864" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0487.json b/2005/0xxx/CVE-2005-0487.json index 24a04263b58..a647c286611 100644 --- a/2005/0xxx/CVE-2005-0487.json +++ b/2005/0xxx/CVE-2005-0487.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050215 Kayako eSupport v2.3.1 Support Tracker XSS", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110845724029888&w=2" - }, - { - "name" : "12563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12563" - }, - { - "name" : "kayako-index-xss(18571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kayako-index-xss(18571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18571" + }, + { + "name": "20050215 Kayako eSupport v2.3.1 Support Tracker XSS", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110845724029888&w=2" + }, + { + "name": "12563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12563" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1098.json b/2005/1xxx/CVE-2005-1098.json index 93972105491..e5d53b17796 100644 --- a/2005/1xxx/CVE-2005-1098.json +++ b/2005/1xxx/CVE-2005-1098.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15210", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15210" - }, - { - "name" : "1013644", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013644" - }, - { - "name" : "getdataback-ntfs-information-disclosure(19967)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "getdataback-ntfs-information-disclosure(19967)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19967" + }, + { + "name": "15210", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15210" + }, + { + "name": "1013644", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013644" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1705.json b/2005/1xxx/CVE-2005-1705.json index eaae18440ba..8b0b0ed6296 100644 --- a/2005/1xxx/CVE-2005-1705.json +++ b/2005/1xxx/CVE-2005-1705.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=88398", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=88398" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm" - }, - { - "name" : "GLSA-200505-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200505-15.xml" - }, - { - "name" : "MDKSA-2005:095", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095" - }, - { - "name" : "RHSA-2005:801", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-801.html" - }, - { - "name" : "RHSA-2005:709", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-709.html" - }, - { - "name" : "oval:org.mitre.oval:def:11072", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072" - }, - { - "name" : "17072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17072" - }, - { - "name" : "17356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17356" - }, - { - "name" : "18506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17072" + }, + { + "name": "18506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18506" + }, + { + "name": "RHSA-2005:709", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-709.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm" + }, + { + "name": "RHSA-2005:801", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-801.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=88398", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=88398" + }, + { + "name": "GLSA-200505-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200505-15.xml" + }, + { + "name": "oval:org.mitre.oval:def:11072", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072" + }, + { + "name": "MDKSA-2005:095", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095" + }, + { + "name": "17356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17356" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3489.json b/2005/3xxx/CVE-2005-3489.json index c5d657651ec..12cf8bac604 100644 --- a/2005/3xxx/CVE-2005-3489.json +++ b/2005/3xxx/CVE-2005-3489.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051102 Buffer-overflow and directory traversal in Asus", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113096055302614&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/asusvsbugs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/asusvsbugs-adv.txt" - }, - { - "name" : "15279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15279" - }, - { - "name" : "ADV-2005-2289", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2289" - }, - { - "name" : "20457", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20457" - }, - { - "name" : "17419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20457", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20457" + }, + { + "name": "17419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17419" + }, + { + "name": "http://aluigi.altervista.org/adv/asusvsbugs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/asusvsbugs-adv.txt" + }, + { + "name": "15279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15279" + }, + { + "name": "ADV-2005-2289", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2289" + }, + { + "name": "20051102 Buffer-overflow and directory traversal in Asus", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113096055302614&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3621.json b/2005/3xxx/CVE-2005-3621.json index 8bbb8d514f1..027e0efe6a3 100644 --- a/2005/3xxx/CVE-2005-3621.json +++ b/2005/3xxx/CVE-2005-3621.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6" - }, - { - "name" : "DSA-1207", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1207" - }, - { - "name" : "SUSE-SR:2005:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_28_sr.html" - }, - { - "name" : "1015213", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015213" - }, - { - "name" : "17578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17578" - }, - { - "name" : "22781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2005:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html" + }, + { + "name": "17578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17578" + }, + { + "name": "DSA-1207", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1207" + }, + { + "name": "22781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22781" + }, + { + "name": "1015213", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015213" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3781.json b/2005/3xxx/CVE-2005-3781.json index 8345bc81d2b..4ebdf69ca36 100644 --- a/2005/3xxx/CVE-2005-3781.json +++ b/2005/3xxx/CVE-2005-3781.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to \"make unnecessary queries.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102030", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102030-1" - }, - { - "name" : "15384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15384" - }, - { - "name" : "ADV-2005-2388", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2388" - }, - { - "name" : "20752", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20752" - }, - { - "name" : "1015191", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015191" - }, - { - "name" : "17460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17460" - }, - { - "name" : "solaris-innamed-dns-dos(23062)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to \"make unnecessary queries.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20752", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20752" + }, + { + "name": "15384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15384" + }, + { + "name": "102030", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102030-1" + }, + { + "name": "17460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17460" + }, + { + "name": "1015191", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015191" + }, + { + "name": "solaris-innamed-dns-dos(23062)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23062" + }, + { + "name": "ADV-2005-2388", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2388" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3829.json b/2005/3xxx/CVE-2005-3829.json index a061897ed97..401329c2f43 100644 --- a/2005/3xxx/CVE-2005-3829.json +++ b/2005/3xxx/CVE-2005-3829.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html" - }, - { - "name" : "ADV-2005-2587", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2587" - }, - { - "name" : "21098", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21098" - }, - { - "name" : "17732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17732" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html" + }, + { + "name": "ADV-2005-2587", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2587" + }, + { + "name": "21098", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21098" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4289.json b/2005/4xxx/CVE-2005-4289.json index 365992291a4..41c8cb66939 100644 --- a/2005/4xxx/CVE-2005-4289.json +++ b/2005/4xxx/CVE-2005-4289.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/edatcat-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/edatcat-xss-vuln.html" - }, - { - "name" : "15889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15889" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/edatcat-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/edatcat-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4466.json b/2005/4xxx/CVE-2005-4466.json index 81a7a4cae15..1a577e65e66 100644 --- a/2005/4xxx/CVE-2005-4466.json +++ b/2005/4xxx/CVE-2005-4466.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051221 [Hat-Squad] Remote Heap Corruption Vulnerability in Interaction SIP Proxy", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419989/100/0/threaded" - }, - { - "name" : "http://www.hat-squad.com/en/000171.html", - "refsource" : "MISC", - "url" : "http://www.hat-squad.com/en/000171.html" - }, - { - "name" : "16001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16001" - }, - { - "name" : "ADV-2005-3029", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3029" - }, - { - "name" : "1015392", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015392" - }, - { - "name" : "18197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18197" - }, - { - "name" : "281", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/281" - }, - { - "name" : "sipproxy-i3sipmsg-bo(23823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18197" + }, + { + "name": "281", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/281" + }, + { + "name": "sipproxy-i3sipmsg-bo(23823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23823" + }, + { + "name": "20051221 [Hat-Squad] Remote Heap Corruption Vulnerability in Interaction SIP Proxy", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419989/100/0/threaded" + }, + { + "name": "16001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16001" + }, + { + "name": "ADV-2005-3029", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3029" + }, + { + "name": "http://www.hat-squad.com/en/000171.html", + "refsource": "MISC", + "url": "http://www.hat-squad.com/en/000171.html" + }, + { + "name": "1015392", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015392" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4783.json b/2005/4xxx/CVE-2005-4783.json index e53b854803e..a2506690b01 100644 --- a/2005/4xxx/CVE-2005-4783.json +++ b/2005/4xxx/CVE-2005-4783.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netbsd-announce] 20051031 Announcing update 2.0.3 - source only", - "refsource" : "MLIST", - "url" : "http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c.diff?r1=1.110&r2=1.111&f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c.diff?r1=1.110&r2=1.111&f=h" - }, - { - "name" : "http://releng.netbsd.org/cgi-bin/req-3.cgi?show=727", - "refsource" : "CONFIRM", - "url" : "http://releng.netbsd.org/cgi-bin/req-3.cgi?show=727" - }, - { - "name" : "NetBSD-SA2006-001", - "refsource" : "NETBSD", - "url" : "http://www.packetstormsecurity.org/0601-advisories/NetBSD-SA2006-001.txt" - }, - { - "name" : "20729", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20729" - }, - { - "name" : "1015132", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015132", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015132" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c.diff?r1=1.110&r2=1.111&f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c.diff?r1=1.110&r2=1.111&f=h" + }, + { + "name": "http://releng.netbsd.org/cgi-bin/req-3.cgi?show=727", + "refsource": "CONFIRM", + "url": "http://releng.netbsd.org/cgi-bin/req-3.cgi?show=727" + }, + { + "name": "20729", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20729" + }, + { + "name": "NetBSD-SA2006-001", + "refsource": "NETBSD", + "url": "http://www.packetstormsecurity.org/0601-advisories/NetBSD-SA2006-001.txt" + }, + { + "name": "[netbsd-announce] 20051031 Announcing update 2.0.3 - source only", + "refsource": "MLIST", + "url": "http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4892.json b/2005/4xxx/CVE-2005-4892.json index a5a86a2b847..9ef6aafddb7 100644 --- a/2005/4xxx/CVE-2005-4892.json +++ b/2005/4xxx/CVE-2005-4892.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4892", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4892", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0126.json b/2009/0xxx/CVE-2009-0126.json index eeef4c23ee2..9696f24f6af 100644 --- a/2009/0xxx/CVE-2009-0126.json +++ b/2009/0xxx/CVE-2009-0126.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/01/12/4" - }, - { - "name" : "http://boinc.berkeley.edu/trac/changeset/16883", - "refsource" : "CONFIRM", - "url" : "http://boinc.berkeley.edu/trac/changeset/16883" - }, - { - "name" : "http://boinc.berkeley.edu/trac/ticket/823", - "refsource" : "CONFIRM", - "url" : "http://boinc.berkeley.edu/trac/ticket/823" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=479664", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=479664" - }, - { - "name" : "FEDORA-2009-0578", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00034.html" - }, - { - "name" : "SUSE-SR:2009:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" - }, - { - "name" : "33806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33806" - }, - { - "name" : "33828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33828" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521" + }, + { + "name": "33806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33806" + }, + { + "name": "SUSE-SR:2009:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" + }, + { + "name": "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/01/12/4" + }, + { + "name": "http://boinc.berkeley.edu/trac/changeset/16883", + "refsource": "CONFIRM", + "url": "http://boinc.berkeley.edu/trac/changeset/16883" + }, + { + "name": "http://boinc.berkeley.edu/trac/ticket/823", + "refsource": "CONFIRM", + "url": "http://boinc.berkeley.edu/trac/ticket/823" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=479664", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479664" + }, + { + "name": "FEDORA-2009-0578", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00034.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0344.json b/2009/0xxx/CVE-2009-0344.json index 28e905de7f8..a96b6897a0b 100644 --- a/2009/0xxx/CVE-2009-0344.json +++ b/2009/0xxx/CVE-2009-0344.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "239886", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1" - }, - { - "name" : "33506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33506" - }, - { - "name" : "ADV-2009-0281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0281" - }, - { - "name" : "1021646", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021646" - }, - { - "name" : "33726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33726" - }, - { - "name" : "sunfire-elom-unauth-access(48329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33506" + }, + { + "name": "ADV-2009-0281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0281" + }, + { + "name": "33726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33726" + }, + { + "name": "sunfire-elom-unauth-access(48329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48329" + }, + { + "name": "239886", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239886-1" + }, + { + "name": "1021646", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021646" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0860.json b/2009/0xxx/CVE-2009-0860.json index 40195d60e13..84fb894ef35 100644 --- a/2009/0xxx/CVE-2009-0860.json +++ b/2009/0xxx/CVE-2009-0860.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090218 DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501033/100/0/threaded" - }, - { - "name" : "http://connection.netcordia.com/forums/t/731.aspx", - "refsource" : "CONFIRM", - "url" : "http://connection.netcordia.com/forums/t/731.aspx" - }, - { - "name" : "33824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33824" - }, - { - "name" : "33963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web user interface in the login application in NetMRI 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to error pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33824" + }, + { + "name": "33963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33963" + }, + { + "name": "20090218 DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501033/100/0/threaded" + }, + { + "name": "http://connection.netcordia.com/forums/t/731.aspx", + "refsource": "CONFIRM", + "url": "http://connection.netcordia.com/forums/t/731.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0897.json b/2009/0xxx/CVE-2009-0897.json index 97f6cd2a342..50ed162023d 100644 --- a/2009/0xxx/CVE-2009-0897.json +++ b/2009/0xxx/CVE-2009-0897.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the \"schema DB2 instance id\" and the bcgarchive (aka the archiver script)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JR31482", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21366016" - }, - { - "name" : "35136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35136" - }, - { - "name" : "websphere-pg-bcgarchive-info-disclosure(50643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the \"schema DB2 instance id\" and the bcgarchive (aka the archiver script)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR31482", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21366016" + }, + { + "name": "35136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35136" + }, + { + "name": "websphere-pg-bcgarchive-info-disclosure(50643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50643" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0916.json b/2009/0xxx/CVE-2009-0916.json index 2f4209e87b4..b0a9650b191 100644 --- a/2009/0xxx/CVE-2009-0916.json +++ b/2009/0xxx/CVE-2009-0916.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a \"moderately severe issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/freebsd/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/964/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/964/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/964/" - }, - { - "name" : "SUSE-SR:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" - }, - { - "name" : "33961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33961" - }, - { - "name" : "34135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34135" - }, - { - "name" : "34418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34418" - }, - { - "name" : "ADV-2009-0586", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a \"moderately severe issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" + }, + { + "name": "34135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34135" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/964/" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/964/" + }, + { + "name": "34418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34418" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/964/" + }, + { + "name": "33961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33961" + }, + { + "name": "ADV-2009-0586", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0586" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/964/" + }, + { + "name": "http://www.opera.com/docs/changelogs/freebsd/964/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/964/" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1494.json b/2009/1xxx/CVE-2009-1494.json index 0bb9cfdc869..07c01ed17d7 100644 --- a/2009/1xxx/CVE-2009-1494.json +++ b/2009/1xxx/CVE-2009-1494.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98", - "refsource" : "MISC", - "url" : "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98" - }, - { - "name" : "http://code.google.com/p/memcachedb/source/detail?r=98", - "refsource" : "MISC", - "url" : "http://code.google.com/p/memcachedb/source/detail?r=98" - }, - { - "name" : "http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c", - "refsource" : "MISC", - "url" : "http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c" - }, - { - "name" : "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e" - }, - { - "name" : "http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz", - "refsource" : "MISC", - "url" : "http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz" - }, - { - "name" : "memcached-processstat-info-disclosure(50444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98", + "refsource": "MISC", + "url": "http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98" + }, + { + "name": "http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz", + "refsource": "MISC", + "url": "http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz" + }, + { + "name": "memcached-processstat-info-disclosure(50444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50444" + }, + { + "name": "http://code.google.com/p/memcachedb/source/detail?r=98", + "refsource": "MISC", + "url": "http://code.google.com/p/memcachedb/source/detail?r=98" + }, + { + "name": "http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c", + "refsource": "MISC", + "url": "http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c" + }, + { + "name": "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e", + "refsource": "MISC", + "url": "http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3227.json b/2009/3xxx/CVE-2009-3227.json index 793e0bbee0a..599d950da32 100644 --- a/2009/3xxx/CVE-2009-3227.json +++ b/2009/3xxx/CVE-2009-3227.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/almondclassifiedsads-bsqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/almondclassifiedsads-bsqlxss.txt" - }, - { - "name" : "35816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35816" - }, - { - "name" : "36003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36003" + }, + { + "name": "35816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35816" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/almondclassifiedsads-bsqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/almondclassifiedsads-bsqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3413.json b/2009/3xxx/CVE-2009-3413.json index 4d64eb1a0e8..87e77a4aad0 100644 --- a/2009/3xxx/CVE-2009-3413.json +++ b/2009/3xxx/CVE-2009-3413.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3414." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-3413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "TA10-012A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2008-3976 and CVE-2009-3414." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "TA10-012A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3482.json b/2009/3xxx/CVE-2009-3482.json index 8467c8766e2..6c281efe08e 100644 --- a/2009/3xxx/CVE-2009-3482.json +++ b/2009/3xxx/CVE-2009-3482.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090928 Local privilege escalation vulnerability in Trustport security software", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506751/100/0/threaded" - }, - { - "name" : "http://www.trustport.com/en/notices/security-update-of-trustport-products", - "refsource" : "CONFIRM", - "url" : "http://www.trustport.com/en/notices/security-update-of-trustport-products" - }, - { - "name" : "36880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.trustport.com/en/notices/security-update-of-trustport-products", + "refsource": "CONFIRM", + "url": "http://www.trustport.com/en/notices/security-update-of-trustport-products" + }, + { + "name": "36880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36880" + }, + { + "name": "20090928 Local privilege escalation vulnerability in Trustport security software", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506751/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3592.json b/2009/3xxx/CVE-2009-3592.json index 38af8c6250d..3799ca600a9 100644 --- a/2009/3xxx/CVE-2009-3592.json +++ b/2009/3xxx/CVE-2009-3592.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0910-exploits/X-Cart-submail-XSS.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0910-exploits/X-Cart-submail-XSS.txt" - }, - { - "name" : "36601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36601" - }, - { - "name" : "xcart-home-xss(53664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0910-exploits/X-Cart-submail-XSS.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0910-exploits/X-Cart-submail-XSS.txt" + }, + { + "name": "xcart-home-xss(53664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53664" + }, + { + "name": "36601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36601" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3900.json b/2009/3xxx/CVE-2009-3900.json index 4c83af09b9b..c2b97368dc1 100644 --- a/2009/3xxx/CVE-2009-3900.json +++ b/2009/3xxx/CVE-2009-3900.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/haport_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/haport_advisory.asc" - }, - { - "name" : "IZ61323", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ61323" - }, - { - "name" : "IZ61325", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ61325" - }, - { - "name" : "IZ62630", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ62630" - }, - { - "name" : "36931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36931" - }, - { - "name" : "37267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37267" - }, - { - "name" : "ADV-2009-3153", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3153" - }, - { - "name" : "aix-powerha-unauth-access(54154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37267" + }, + { + "name": "IZ62630", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ62630" + }, + { + "name": "IZ61323", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ61323" + }, + { + "name": "36931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36931" + }, + { + "name": "aix-powerha-unauth-access(54154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54154" + }, + { + "name": "IZ61325", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ61325" + }, + { + "name": "ADV-2009-3153", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3153" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/haport_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/haport_advisory.asc" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4301.json b/2009/4xxx/CVE-2009-4301.json index bd7bdeb7bf7..4037cbd17d4 100644 --- a/2009/4xxx/CVE-2009-4301.json +++ b/2009/4xxx/CVE-2009-4301.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11", - "refsource" : "CONFIRM", - "url" : "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11" - }, - { - "name" : "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8", - "refsource" : "CONFIRM", - "url" : "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8" - }, - { - "name" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes" - }, - { - "name" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=139106", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=139106" - }, - { - "name" : "FEDORA-2009-13040", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html" - }, - { - "name" : "FEDORA-2009-13065", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html" - }, - { - "name" : "FEDORA-2009-13080", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html" - }, - { - "name" : "37244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37244" - }, - { - "name" : "37614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37614" - }, - { - "name" : "ADV-2009-3455", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes" + }, + { + "name": "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11", + "refsource": "CONFIRM", + "url": "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11" + }, + { + "name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=139106", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=139106" + }, + { + "name": "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8", + "refsource": "CONFIRM", + "url": "http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8" + }, + { + "name": "ADV-2009-3455", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3455" + }, + { + "name": "37614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37614" + }, + { + "name": "FEDORA-2009-13065", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html" + }, + { + "name": "FEDORA-2009-13040", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html" + }, + { + "name": "FEDORA-2009-13080", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html" + }, + { + "name": "37244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37244" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4648.json b/2009/4xxx/CVE-2009-4648.json index 663ed284353..3e31fba9ca2 100644 --- a/2009/4xxx/CVE-2009-4648.json +++ b/2009/4xxx/CVE-2009-4648.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.portcullis-security.com/338.php", - "refsource" : "MISC", - "url" : "http://www.portcullis-security.com/338.php" - }, - { - "name" : "38176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38176" - }, - { - "name" : "fta-menushell-command-execution(56248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38176" + }, + { + "name": "http://www.portcullis-security.com/338.php", + "refsource": "MISC", + "url": "http://www.portcullis-security.com/338.php" + }, + { + "name": "fta-menushell-command-execution(56248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56248" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4992.json b/2009/4xxx/CVE-2009-4992.json index d1f7f98e796..d151511f781 100644 --- a/2009/4xxx/CVE-2009-4992.json +++ b/2009/4xxx/CVE-2009-4992.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9383", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9383", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9383" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2121.json b/2012/2xxx/CVE-2012-2121.json index f64185a1c21..efb709dda04 100644 --- a/2012/2xxx/CVE-2012-2121.json +++ b/2012/2xxx/CVE-2012-2121.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120419 Re: CVE request -- kernel: kvm: device assignment page leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/19/16" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=814149", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=814149" - }, - { - "name" : "https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195" - }, - { - "name" : "RHSA-2012:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0743.html" - }, - { - "name" : "RHSA-2012:0676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0676.html" - }, - { - "name" : "USN-1577-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1577-1" - }, - { - "name" : "USN-2036-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2036-1" - }, - { - "name" : "USN-2037-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2037-1" - }, - { - "name" : "1027083", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027083" - }, - { - "name" : "50732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50732" + }, + { + "name": "RHSA-2012:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html" + }, + { + "name": "1027083", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027083" + }, + { + "name": "[oss-security] 20120419 Re: CVE request -- kernel: kvm: device assignment page leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/19/16" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=814149", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814149" + }, + { + "name": "https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195" + }, + { + "name": "USN-1577-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1577-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4" + }, + { + "name": "USN-2036-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2036-1" + }, + { + "name": "USN-2037-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2037-1" + }, + { + "name": "RHSA-2012:0676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2211.json b/2012/2xxx/CVE-2012-2211.json index 81bebbc8761..00e7495f5c1 100644 --- a/2012/2xxx/CVE-2012-2211.json +++ b/2012/2xxx/CVE-2012-2211.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111626/egroupware-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111626/egroupware-xss.txt" - }, - { - "name" : "http://www.egroupware.org/changelog", - "refsource" : "CONFIRM", - "url" : "http://www.egroupware.org/changelog" - }, - { - "name" : "48703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48703" + }, + { + "name": "http://www.egroupware.org/changelog", + "refsource": "CONFIRM", + "url": "http://www.egroupware.org/changelog" + }, + { + "name": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2332.json b/2012/2xxx/CVE-2012-2332.json index e478ad2d856..54772f756fa 100644 --- a/2012/2xxx/CVE-2012-2332.json +++ b/2012/2xxx/CVE-2012-2332.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html" - }, - { - "name" : "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/08/6" - }, - { - "name" : "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/09/2" - }, - { - "name" : "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt", - "refsource" : "MISC", - "url" : "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt" - }, - { - "name" : "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html" - }, - { - "name" : "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html", - "refsource" : "CONFIRM", - "url" : "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html" - }, - { - "name" : "53418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6" + }, + { + "name": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html", + "refsource": "MISC", + "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html" + }, + { + "name": "53418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53418" + }, + { + "name": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt", + "refsource": "MISC", + "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt" + }, + { + "name": "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2" + }, + { + "name": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html", + "refsource": "CONFIRM", + "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html" + }, + { + "name": "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2343.json b/2012/2xxx/CVE-2012-2343.json index 9955771d015..e4f9a718831 100644 --- a/2012/2xxx/CVE-2012-2343.json +++ b/2012/2xxx/CVE-2012-2343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2343", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5098. Reason: This candidate is a duplicate of CVE-2010-5098. Notes: All CVE users should reference CVE-2010-5098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2343", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5098. Reason: This candidate is a duplicate of CVE-2010-5098. Notes: All CVE users should reference CVE-2010-5098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2957.json b/2012/2xxx/CVE-2012-2957.json index 2ae83d1455b..bea6c8b8db7 100644 --- a/2012/2xxx/CVE-2012-2957.json +++ b/2012/2xxx/CVE-2012-2957.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a \"file inclusion\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00" - }, - { - "name" : "VU#108471", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/108471" - }, - { - "name" : "54429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54429" - }, - { - "name" : "symantec-web-mechanism-file-include(77113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a \"file inclusion\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00" + }, + { + "name": "symantec-web-mechanism-file-include(77113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77113" + }, + { + "name": "VU#108471", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/108471" + }, + { + "name": "54429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54429" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6362.json b/2012/6xxx/CVE-2012-6362.json index 36123e9f6e0..dfb0e18ec7d 100644 --- a/2012/6xxx/CVE-2012-6362.json +++ b/2012/6xxx/CVE-2012-6362.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6362", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6362", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0363.json b/2015/0xxx/CVE-2015-0363.json index a6fe55869e3..f2c6287f129 100644 --- a/2015/0xxx/CVE-2015-0363.json +++ b/2015/0xxx/CVE-2015-0363.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72203" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - }, - { - "name" : "oracle-cpujan2015-cve20150363(100128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72203" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "oracle-cpujan2015-cve20150363(100128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100128" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0923.json b/2015/0xxx/CVE-2015-0923.json index 60cca84aecd..284ae0b7654 100644 --- a/2015/0xxx/CVE-2015-0923.json +++ b/2015/0xxx/CVE-2015-0923.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#377644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/377644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#377644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/377644" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1400.json b/2015/1xxx/CVE-2015-1400.json index d6216ec6a0a..c79ec21d3e8 100644 --- a/2015/1xxx/CVE-2015-1400.json +++ b/2015/1xxx/CVE-2015-1400.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/130179/NPDS-CMS-Revolution-13-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130179/NPDS-CMS-Revolution-13-SQL-Injection.html" - }, - { - "name" : "http://websecgeeks.com/npds-cms-sql-injection/", - "refsource" : "MISC", - "url" : "http://websecgeeks.com/npds-cms-sql-injection/" - }, - { - "name" : "http://www.npds.org/viewtopic.php?topic=26189&forum=12", - "refsource" : "CONFIRM", - "url" : "http://www.npds.org/viewtopic.php?topic=26189&forum=12" - }, - { - "name" : "http://www.npds.org/viewtopic.php?topic=26233&forum=12", - "refsource" : "CONFIRM", - "url" : "http://www.npds.org/viewtopic.php?topic=26233&forum=12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.npds.org/viewtopic.php?topic=26189&forum=12", + "refsource": "CONFIRM", + "url": "http://www.npds.org/viewtopic.php?topic=26189&forum=12" + }, + { + "name": "http://www.npds.org/viewtopic.php?topic=26233&forum=12", + "refsource": "CONFIRM", + "url": "http://www.npds.org/viewtopic.php?topic=26233&forum=12" + }, + { + "name": "http://packetstormsecurity.com/files/130179/NPDS-CMS-Revolution-13-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130179/NPDS-CMS-Revolution-13-SQL-Injection.html" + }, + { + "name": "http://websecgeeks.com/npds-cms-sql-injection/", + "refsource": "MISC", + "url": "http://websecgeeks.com/npds-cms-sql-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1509.json b/2015/1xxx/CVE-2015-1509.json index 5d10ac6ad17..62ea2487145 100644 --- a/2015/1xxx/CVE-2015-1509.json +++ b/2015/1xxx/CVE-2015-1509.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1509", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1509", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1613.json b/2015/1xxx/CVE-2015-1613.json index 78a3925fff7..bd8df60b4de 100644 --- a/2015/1xxx/CVE-2015-1613.json +++ b/2015/1xxx/CVE-2015-1613.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rhodecode.com/blog/rhodecode-enterprise-security-release/", - "refsource" : "CONFIRM", - "url" : "https://rhodecode.com/blog/rhodecode-enterprise-security-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rhodecode.com/blog/rhodecode-enterprise-security-release/", + "refsource": "CONFIRM", + "url": "https://rhodecode.com/blog/rhodecode-enterprise-security-release/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1747.json b/2015/1xxx/CVE-2015-1747.json index 6b003b64b24..2c6c34ce55c 100644 --- a/2015/1xxx/CVE-2015-1747.json +++ b/2015/1xxx/CVE-2015-1747.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-250", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-250" - }, - { - "name" : "MS15-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" - }, - { - "name" : "74986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74986" - }, - { - "name" : "1032521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-250", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-250" + }, + { + "name": "74986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74986" + }, + { + "name": "1032521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032521" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1770.json b/2015/1xxx/CVE-2015-1770.json index d05a9669368..f0392a75b7c 100644 --- a/2015/1xxx/CVE-2015-1770.json +++ b/2015/1xxx/CVE-2015-1770.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Uninitialized Memory Use Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-059", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059" - }, - { - "name" : "75016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75016" - }, - { - "name" : "1032523", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Uninitialized Memory Use Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75016" + }, + { + "name": "1032523", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032523" + }, + { + "name": "MS15-059", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-059" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1921.json b/2015/1xxx/CVE-2015-1921.json index 9e5622ab76b..883a3041339 100644 --- a/2015/1xxx/CVE-2015-1921.json +++ b/2015/1xxx/CVE-2015-1921.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21884060", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21884060" - }, - { - "name" : "PI38632", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632" - }, - { - "name" : "74705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI38632", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060" + }, + { + "name": "74705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74705" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5077.json b/2015/5xxx/CVE-2015-5077.json index 87501e9a446..50ee8222e7b 100644 --- a/2015/5xxx/CVE-2015-5077.json +++ b/2015/5xxx/CVE-2015-5077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5126.json b/2015/5xxx/CVE-2015-5126.json index 6431e4b100b..428d13254d7 100644 --- a/2015/5xxx/CVE-2015-5126.json +++ b/2015/5xxx/CVE-2015-5126.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5126", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5126", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5183.json b/2015/5xxx/CVE-2015-5183.json index 583b29679f4..4b97de05f06 100644 --- a/2015/5xxx/CVE-2015-5183.json +++ b/2015/5xxx/CVE-2015-5183.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249182", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249182" - }, - { - "name" : "RHSA-2018:2840", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2840" - }, - { - "name" : "1041750", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041750", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041750" + }, + { + "name": "RHSA-2018:2840", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2840" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249182", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249182" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5478.json b/2015/5xxx/CVE-2015-5478.json index c4965ae97bc..c605dc3523c 100644 --- a/2015/5xxx/CVE-2015-5478.json +++ b/2015/5xxx/CVE-2015-5478.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11474.json b/2018/11xxx/CVE-2018-11474.json index 388c813643a..00c215d663b 100644 --- a/2018/11xxx/CVE-2018-11474.json +++ b/2018/11xxx/CVE-2018-11474.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/444", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/monstra-cms/monstra/issues/444", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/444" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11703.json b/2018/11xxx/CVE-2018-11703.json index 983d07a5466..729b90fc871 100644 --- a/2018/11xxx/CVE-2018-11703.json +++ b/2018/11xxx/CVE-2018-11703.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703", - "refsource" : "MISC", - "url" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703", + "refsource": "MISC", + "url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11703" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3087.json b/2018/3xxx/CVE-2018-3087.json index ca44e8956e7..becc512de54 100644 --- a/2018/3xxx/CVE-2018-3087.json +++ b/2018/3xxx/CVE-2018-3087.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.16" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.16" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104764" - }, - { - "name" : "1041296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104764" + }, + { + "name": "1041296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041296" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3426.json b/2018/3xxx/CVE-2018-3426.json index bc3bf3aa283..b731c39ed64 100644 --- a/2018/3xxx/CVE-2018-3426.json +++ b/2018/3xxx/CVE-2018-3426.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3426", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3426", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3478.json b/2018/3xxx/CVE-2018-3478.json index 0c4e399b0c2..70e820d7741 100644 --- a/2018/3xxx/CVE-2018-3478.json +++ b/2018/3xxx/CVE-2018-3478.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3578.json b/2018/3xxx/CVE-2018-3578.json index 65f10221349..00fc87f052c 100644 --- a/2018/3xxx/CVE-2018-3578.json +++ b/2018/3xxx/CVE-2018-3578.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-3578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Calculation of Buffer Size in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-3578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3965.json b/2018/3xxx/CVE-2018-3965.json index 28ccc105d07..5b2517ce9e8 100644 --- a/2018/3xxx/CVE-2018-3965.json +++ b/2018/3xxx/CVE-2018-3965.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0630", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0630", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0630" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7959.json b/2018/7xxx/CVE-2018-7959.json index 98c321cb449..2a3f2ed2144 100644 --- a/2018/7xxx/CVE-2018-7959.json +++ b/2018/7xxx/CVE-2018-7959.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eSpace 7950", - "version" : { - "version_data" : [ - { - "version_value" : "V200R003C30" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leakage" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eSpace 7950", + "version": { + "version_data": [ + { + "version_value": "V200R003C30" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-02-espace-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8268.json b/2018/8xxx/CVE-2018-8268.json index f16640ac144..c5e3ef2f0e8 100644 --- a/2018/8xxx/CVE-2018-8268.json +++ b/2018/8xxx/CVE-2018-8268.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8268", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8268", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8616.json b/2018/8xxx/CVE-2018-8616.json index 8b5ae7c7fbe..b31e81c28ac 100644 --- a/2018/8xxx/CVE-2018-8616.json +++ b/2018/8xxx/CVE-2018-8616.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8616", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8616", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8650.json b/2018/8xxx/CVE-2018-8650.json index 6a8d6205a29..0796d99a76c 100644 --- a/2018/8xxx/CVE-2018-8650.json +++ b/2018/8xxx/CVE-2018-8650.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650" - }, - { - "name" : "106170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650" + }, + { + "name": "106170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106170" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8722.json b/2018/8xxx/CVE-2018-8722.json index f9f015e7787..fca058552a1 100644 --- a/2018/8xxx/CVE-2018-8722.json +++ b/2018/8xxx/CVE-2018-8722.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/products/desktop-central/cross-site-scripting-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/desktop-central/cross-site-scripting-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/desktop-central/cross-site-scripting-vulnerability.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/desktop-central/cross-site-scripting-vulnerability.html" + } + ] + } +} \ No newline at end of file