diff --git a/2005/0xxx/CVE-2005-0525.json b/2005/0xxx/CVE-2005-0525.json index ba54898b8e4..120abe2fab4 100644 --- a/2005/0xxx/CVE-2005-0525.json +++ b/2005/0xxx/CVE-2005-0525.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050331 PHP getimagesize() Multiple Denial of Service Vulnerabilities", - "refsource" : "IDEFENSE", - "url" : "http://www.securityfocus.com/archive/1/394797" - }, - { - "name" : "APPLE-SA-2005-06-08", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" - }, - { - "name" : "DSA-729", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-729" - }, - { - "name" : "GLSA-200504-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml" - }, - { - "name" : "MDKSA-2005:072", - "refsource" : 
"MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" - }, - { - "name" : "RHSA-2005:405", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-405.html" - }, - { - "name" : "RHSA-2005:406", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-406.html" - }, - { - "name" : "DSA-708", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-708" - }, - { - "name" : "oval:org.mitre.oval:def:11703", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703" - }, - { - "name" : "ADV-2005-0305", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0305" - }, - { - "name" : "15184", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15184" - }, - { - "name" : "1013619", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013619" - }, - { - "name" : "14792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-729", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-729" + }, + { + "name": "1013619", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013619" + }, + { + "name": "RHSA-2005:406", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-406.html" + }, + { + "name": "MDKSA-2005:072", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" + }, + { + "name": "15184", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15184" + }, + { + "name": "GLSA-200504-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml" + }, + { + "name": "APPLE-SA-2005-06-08", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" + }, + { + "name": "14792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14792" + }, + { + "name": "ADV-2005-0305", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0305" + }, + { + "name": "DSA-708", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-708" + }, + { + "name": "20050331 PHP getimagesize() Multiple Denial of Service Vulnerabilities", + "refsource": "IDEFENSE", + "url": "http://www.securityfocus.com/archive/1/394797" + }, + { + "name": "oval:org.mitre.oval:def:11703", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11703" + }, + { + "name": "RHSA-2005:405", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-405.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2465.json b/2005/2xxx/CVE-2005-2465.json index 448968bc582..fdb68af932f 100644 
--- a/2005/2xxx/CVE-2005-2465.json +++ b/2005/2xxx/CVE-2005-2465.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050730 PC-EXPERIENCE/TOPPE CMS Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112274251601106&w=2" - }, - { - "name" : "14428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14428" - }, - { - "name" : "18715", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14428" + }, + { + "name": "18715", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18715" + }, + { + "name": "20050730 PC-EXPERIENCE/TOPPE CMS Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112274251601106&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2903.json b/2005/2xxx/CVE-2005-2903.json index 66e48a7e5a8..e0a2ab5b1c3 100644 --- a/2005/2xxx/CVE-2005-2903.json +++ b/2005/2xxx/CVE-2005-2903.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enabled, allows remote attackers to execute arbitrary code via an ARJ archive containing a file with a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050908 Secunia Research: NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112621063025054&w=2" - }, - { - "name" : "http://secunia.com/secunia_research/2005-40/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-40/advisory/" - }, - { - "name" : "14773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14773" - }, - { - "name" : "16604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16604/" - }, - { - "name" : "nod32-arj-archive-bo(22203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22203" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enabled, allows remote attackers to execute arbitrary code via an ARJ archive containing a file with a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14773" + }, + { + "name": "http://secunia.com/secunia_research/2005-40/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-40/advisory/" + }, + { + "name": "nod32-arj-archive-bo(22203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22203" + }, + { + "name": "16604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16604/" + }, + { + "name": "20050908 Secunia Research: NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112621063025054&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3023.json b/2005/3xxx/CVE-2005-3023.json index f61283efd1f..ea46f0c32b4 100644 --- a/2005/3xxx/CVE-2005-3023.json +++ b/2005/3xxx/CVE-2005-3023.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112715150320677&w=2" - }, - { - "name" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", - "refsource" : "MISC", - "url" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", + "refsource": "MISC", + "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" + }, + { + "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112715150320677&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3483.json b/2005/3xxx/CVE-2005-3483.json index ba7c7c96339..8645345eede 100644 --- a/2005/3xxx/CVE-2005-3483.json +++ b/2005/3xxx/CVE-2005-3483.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051102 Buffer-overflow in GO-Global for Windows", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113095918810489&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/ggwbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ggwbof-adv.txt" - }, - { - "name" : "15285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15285" - }, - { - "name" : "ADV-2005-2290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2290" - }, - { - "name" : "20464", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20464" - }, - { - "name" : "17424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17424" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051102 Buffer-overflow in GO-Global for Windows", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113095918810489&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/ggwbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ggwbof-adv.txt" + }, + { + "name": "17424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17424" + }, + { + "name": "ADV-2005-2290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2290" + }, + { + "name": "15285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15285" + }, + { + "name": "20464", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20464" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3654.json b/2005/3xxx/CVE-2005-3654.json index fd9e9ba93ff..ea6c30b3f5b 100644 --- a/2005/3xxx/CVE-2005-3654.json +++ b/2005/3xxx/CVE-2005-3654.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060105 Blue Coat WinProxy Telnet DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365" - }, - { - "name" : "http://www.winproxy.com/products/relnotes.asp", - "refsource" : "CONFIRM", - "url" : "http://www.winproxy.com/products/relnotes.asp" - }, - { - "name" : "16149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16149" - }, - { - "name" : "ADV-2006-0065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0065" - }, - { - "name" : "1015442", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015442" - }, - { - "name" : 
"18288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18288" - }, - { - "name" : "322", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015442", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015442" + }, + { + "name": "322", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/322" + }, + { + "name": "http://www.winproxy.com/products/relnotes.asp", + "refsource": "CONFIRM", + "url": "http://www.winproxy.com/products/relnotes.asp" + }, + { + "name": "20060105 Blue Coat WinProxy Telnet DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365" + }, + { + "name": "ADV-2006-0065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0065" + }, + { + "name": "18288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18288" + }, + { + "name": "16149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16149" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3813.json b/2005/3xxx/CVE-2005-3813.json index f12f51629c5..2e3eabb4bb3 100644 --- a/2005/3xxx/CVE-2005-3813.json +++ b/2005/3xxx/CVE-2005-3813.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051124 MailEnable IMAP DOS", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113285451031500&w=2" - }, - { - "name" : "20051124 MailEnable IMAP DOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417589/30/0/threaded" - }, - { - "name" : "http://zur.homelinux.com/Advisories/MailEnableImapDos.txt", - "refsource" : "MISC", - "url" : "http://zur.homelinux.com/Advisories/MailEnableImapDos.txt" - }, - { - "name" : "15556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15556" - }, - { - "name" : "ADV-2005-2579", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/2579" - }, - { - "name" : "21109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21109" - }, - { - "name" : "1015268", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015268" - }, - { - "name" : "17740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17740" - }, - { - "name" : "205", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "205", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/205" + }, + { + "name": "20051124 MailEnable IMAP DOS", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113285451031500&w=2" + }, + { + "name": "20051124 MailEnable IMAP DOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417589/30/0/threaded" + }, + { + "name": "15556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15556" + }, + { + "name": "1015268", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015268" + }, + { + "name": "http://zur.homelinux.com/Advisories/MailEnableImapDos.txt", + "refsource": "MISC", + "url": "http://zur.homelinux.com/Advisories/MailEnableImapDos.txt" + }, + { + "name": "17740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17740" + }, + { + "name": "21109", + "refsource": 
"OSVDB", + "url": "http://www.osvdb.org/21109" + }, + { + "name": "ADV-2005-2579", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2579" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3819.json b/2005/3xxx/CVE-2005-3819.json index 71108a1ee8d..c110f0a5ca3 100644 --- a/2005/3xxx/CVE-2005-3819.json +++ b/2005/3xxx/CVE-2005-3819.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051124 Advisory 23/2005: vTiger multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417730/30/0/threaded" - }, - { - "name" : "http://www.hardened-php.net/advisory_232005.105.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_232005.105.html" - }, - { - "name" : "15562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15562" - }, - { - "name" : "ADV-2005-2569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2569" - }, - { - "name" : "21225", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21225" - }, - { - "name" : "1015271", - "refsource" : "SECTRACK", - 
"url" : "http://securitytracker.com/id?1015271" - }, - { - "name" : "17693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2569" + }, + { + "name": "http://www.hardened-php.net/advisory_232005.105.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_232005.105.html" + }, + { + "name": "15562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15562" + }, + { + "name": "1015271", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015271" + }, + { + "name": "20051124 Advisory 23/2005: vTiger multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417730/30/0/threaded" + }, + { + "name": "17693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17693" + }, + { + "name": "21225", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21225" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4005.json b/2005/4xxx/CVE-2005-4005.json index 0fda2a56d4b..230d2cc98e3 100644 --- a/2005/4xxx/CVE-2005-4005.json +++ b/2005/4xxx/CVE-2005-4005.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051203 PHP-Fusion v6.00.109 SQL Injection and Info. 
Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418512" - }, - { - "name" : "15698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15698" - }, - { - "name" : "ADV-2005-2730", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2730" - }, - { - "name" : "21415", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21415" - }, - { - "name" : "17871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17871" - }, - { - "name" : "31", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/31" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15698" + }, + { + "name": "31", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/31" + }, + { + "name": "21415", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21415" + }, + { + "name": "20051203 PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418512" + }, + { + "name": "17871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17871" + }, + { + "name": "ADV-2005-2730", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2730" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/4xxx/CVE-2005-4267.json b/2005/4xxx/CVE-2005-4267.json index fe1243b9840..9a494a9d50f 100644 --- a/2005/4xxx/CVE-2005-4267.json +++ b/2005/4xxx/CVE-2005-4267.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a \"}\" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 [ACSSEC-2005-11-27-0x1] Eudora Qualcomm WorldMail 3.0 IMAP4 Servi ce 6.1.19.0", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Dec/1037.html" - }, - { - "name" : "20051220 Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=359" - }, - { - "name" : "15980", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15980" - }, - { - "name" : "ADV-2005-3005", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/3005" - }, - { - "name" : "1015391", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015391" - }, - { - "name" : "17640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17640" - }, - { - "name" : "277", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a \"}\" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015391", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015391" + }, + { + "name": "ADV-2005-3005", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3005" + }, + { + "name": "20051220 [ACSSEC-2005-11-27-0x1] Eudora Qualcomm WorldMail 3.0 IMAP4 Servi ce 6.1.19.0", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Dec/1037.html" + }, + { + "name": "15980", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15980" + }, + { + "name": "20051220 Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=359" + }, + { + "name": "277", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/277" + }, + { + "name": "17640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17640" + } + 
] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4577.json b/2005/4xxx/CVE-2005-4577.json index 9aabe5b2344..73f4ff5eb48 100644 --- a/2005/4xxx/CVE-2005-4577.json +++ b/2005/4xxx/CVE-2005-4577.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html" - }, - { - "name" : "16067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16067" - }, - { - "name" : "22062", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22062" - }, - { - "name" : "1015420", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015420" - }, - { - "name" : "18213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18213" - }, - { - "name" : 
"hitachi-businesslogic-input-xss(23876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22062", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22062" + }, + { + "name": "16067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16067" + }, + { + "name": "hitachi-businesslogic-input-xss(23876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23876" + }, + { + "name": "18213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18213" + }, + { + "name": "1015420", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015420" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4600.json b/2005/4xxx/CVE-2005-4600.json index 20f651cc95d..a3e89dc1cf5 100644 --- a/2005/4xxx/CVE-2005-4600.json +++ b/2005/4xxx/CVE-2005-4600.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420543/100/0/threaded" - }, - { - "name" : "4441", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4441" - }, - { - "name" : "http://www.hardened-php.net/advisory_262005.111.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_262005.111.html" - }, - { - "name" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233", - "refsource" : "CONFIRM", - "url" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233" - }, - { - "name" : 
"http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244", - "refsource" : "CONFIRM", - "url" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244" - }, - { - "name" : "16083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16083" - }, - { - "name" : "22116", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22116" - }, - { - "name" : "1015424", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015424" - }, - { - "name" : "18262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18262" - }, - { - "name" : "306", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/306" - }, - { - "name" : "izicontents-tinymcegzip-directory-traversal(36736)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233", + "refsource": "CONFIRM", + "url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233" + }, + { + "name": "4441", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4441" + }, + { + "name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244", + "refsource": "CONFIRM", + "url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244" + }, + { + "name": "306", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/306" + }, + { + "name": "18262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18262" + }, + { + "name": "http://www.hardened-php.net/advisory_262005.111.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_262005.111.html" + }, + { + "name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded" + }, + { + "name": "izicontents-tinymcegzip-directory-traversal(36736)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36736" + }, + { + "name": "16083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16083" + }, + { + "name": "1015424", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015424" + }, + { + "name": "22116", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22116" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0898.json b/2009/0xxx/CVE-2009-0898.json index fd0736e3dcb..ca23fdb2575 100644 --- a/2009/0xxx/CVE-2009-0898.json +++ b/2009/0xxx/CVE-2009-0898.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091209 HP OpenView Network Node Manager Remote Code Execution", - "refsource" : "ISS", - "url" : "http://www.iss.net/threats/357.html" - }, - { - "name" : "HPSBMA02483", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090101", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090257", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126046355120442&w=2" - }, - { - "name" : "37261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37261" - }, - { - "name" : "37294", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/37294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37294" + }, + { + "name": "SSRT090101", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + }, + { + "name": "37261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37261" + }, + { + "name": "SSRT090257", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126046355120442&w=2" + }, + { + "name": "20091209 HP OpenView Network Node Manager Remote Code Execution", + "refsource": "ISS", + "url": "http://www.iss.net/threats/357.html" + }, + { + "name": "HPSBMA02483", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2034.json b/2009/2xxx/CVE-2009-2034.json index 76266e45cda..188086500d7 100644 --- a/2009/2xxx/CVE-2009-2034.json +++ b/2009/2xxx/CVE-2009-2034.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8932", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8932" - }, - { - "name" : "35324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35324" - }, - { - "name" : "55098", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55098", + "refsource": "OSVDB", + "url": "http://osvdb.org/55098" + }, + { + "name": "8932", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8932" + }, + { + "name": "35324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35324" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2150.json b/2009/2xxx/CVE-2009-2150.json index 65c26d3daa6..50453843352 100644 --- a/2009/2xxx/CVE-2009-2150.json +++ b/2009/2xxx/CVE-2009-2150.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD or (3) DELETE action to enrolments/step2.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8937", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a (2) ADD 
or (3) DELETE action to enrolments/step2.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8937", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2647.json b/2009/2xxx/CVE-2009-2647.json index 2a83d8d0fd0..0ac61d643bb 100644 --- a/2009/2xxx/CVE-2009-2647.json +++ b/2009/2xxx/CVE-2009-2647.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to \"an external script.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kaspersky.com/technews?id=203038755", - "refsource" : "CONFIRM", - "url" : "http://www.kaspersky.com/technews?id=203038755" - }, - { - "name" : "35789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35789" - }, - { - "name" : "56351", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56351" - }, - { - "name" : "35978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35978" - }, - { - "name" : "ADV-2009-1998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1998" - }, - { - "name" : "kaspersky-av-is-sec-bypass(51986)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/51986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to \"an external script.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kaspersky-av-is-sec-bypass(51986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51986" + }, + { + "name": "35789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35789" + }, + { + "name": "56351", + "refsource": "OSVDB", + "url": "http://osvdb.org/56351" + }, + { + "name": "ADV-2009-1998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1998" + }, + { + "name": "35978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35978" + }, + { + "name": "http://www.kaspersky.com/technews?id=203038755", + "refsource": "CONFIRM", + "url": "http://www.kaspersky.com/technews?id=203038755" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2662.json b/2009/2xxx/CVE-2009-2662.json index 4932c0a4ac0..50c4491ff14 100644 --- a/2009/2xxx/CVE-2009-2662.json +++ b/2009/2xxx/CVE-2009-2662.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-45.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-45.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502832", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502832" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503144", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503144" - }, - { - "name" : "FEDORA-2009-8279", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html" - }, - { - "name" : "FEDORA-2009-8288", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html" - }, - { - "name" : "266148", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1" - }, - { - "name" : "35927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35927" - }, - { - "name" : "36126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36126" - }, - { - "name" : "ADV-2009-2142", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2142", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2142" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-45.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-45.html" + }, + { + "name": "266148", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1" + }, + { + "name": "FEDORA-2009-8288", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html" + }, + { + "name": "36126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36126" + }, + { + "name": "FEDORA-2009-8279", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=502832", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=502832" + }, + { + "name": "35927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35927" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=503144", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=503144" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3212.json b/2009/3xxx/CVE-2009-3212.json index 75ba15b261a..2fb9eed9115 100644 --- a/2009/3xxx/CVE-2009-3212.json +++ b/2009/3xxx/CVE-2009-3212.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/infinity-disclose.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/infinity-disclose.txt" - }, - { - "name" : "infinity-username-sql-injection(52559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "infinity-username-sql-injection(52559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52559" + }, + { + "name": "http://packetstormsecurity.org/0908-exploits/infinity-disclose.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/infinity-disclose.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3499.json b/2009/3xxx/CVE-2009-3499.json index 210836cccc0..f8506b15fcd 100644 --- a/2009/3xxx/CVE-2009-3499.json +++ b/2009/3xxx/CVE-2009-3499.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://antisecurity.org/bplawyercasedocument-1-0-mssql-vulnerabilities.antisecurity", - "refsource" : "MISC", - "url" : "http://antisecurity.org/bplawyercasedocument-1-0-mssql-vulnerabilities.antisecurity" - }, - { - "name" : "36796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36796" - }, - { - "name" : "ADV-2009-2733", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the 
cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2733", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2733" + }, + { + "name": "http://antisecurity.org/bplawyercasedocument-1-0-mssql-vulnerabilities.antisecurity", + "refsource": "MISC", + "url": "http://antisecurity.org/bplawyercasedocument-1-0-mssql-vulnerabilities.antisecurity" + }, + { + "name": "36796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36796" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3559.json b/2009/3xxx/CVE-2009-3559.json index 4b3531b2102..71cc493d3ae 100644 --- a/2009/3xxx/CVE-2009-3559.json +++ b/2009/3xxx/CVE-2009-3559.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091120 CVE request: php 5.3.1 update", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/20/2" - }, - { - "name" : "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/20/3" - }, - { - "name" : "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/20/5" - }, - { - "name" : "[php-announce] 20091119 5.3.1 Release announcement", - "refsource" : "MLIST", - "url" : "http://news.php.net/php.announce/79" - }, - { - "name" : "http://bugs.php.net/bug.php?id=50063", - "refsource" : "MISC", - "url" : "http://bugs.php.net/bug.php?id=50063" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/releases/5_3_1.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_3_1.php" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "MDVSA-2009:302", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" + }, + { + "name": "[php-announce] 20091119 5.3.1 Release announcement", + "refsource": "MLIST", + "url": "http://news.php.net/php.announce/79" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" + }, + { + "name": "http://www.php.net/releases/5_3_1.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/releases/5_3_1.php" + }, + { + "name": "[oss-security] 
20091120 Re: CVE request: php 5.3.1 update", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/20/5" + }, + { + "name": "http://bugs.php.net/bug.php?id=50063", + "refsource": "MISC", + "url": "http://bugs.php.net/bug.php?id=50063" + }, + { + "name": "MDVSA-2009:302", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3683.json b/2009/3xxx/CVE-2009-3683.json index e0402ce1e5e..c675a8e13d7 100644 --- a/2009/3xxx/CVE-2009-3683.json +++ b/2009/3xxx/CVE-2009-3683.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3683", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3683", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3915.json b/2009/3xxx/CVE-2009-3915.json index 53c7153d5dd..ab80c2cb09b 100644 --- a/2009/3xxx/CVE-2009-3915.json +++ b/2009/3xxx/CVE-2009-3915.json 
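Review bot: The CVE-2009-3559.json hunk changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, while every other changed line in it appears to be spacing or reference order, so a data change is riding inside a formatting pass. The same happens in the CVE-2012-2818.json hunk (`security@google.com`) and the CVE-2015-0153.json hunk (`psirt@us.ibm.com`). Tooling that attributes or filters records by assigner will see these entries change owner with nothing in the diff marking the change as intended. Putting the ASSIGNER updates in their own commit, or naming them in the commit message, would make them auditable.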
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"Separate title and URL\" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/620662", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/620662" - }, - { - "name" : "http://drupal.org/node/620668", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/620668" - }, - { - "name" : "http://drupal.org/node/623562", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623562" - }, - { - "name" : "36928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36928" - }, - { - "name" : "59672", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59672" - }, - { - "name" : "37289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37289" - }, - { - "name" : 
"link-title-xss(54142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"Separate title and URL\" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36928" + }, + { + "name": "link-title-xss(54142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54142" + }, + { + "name": "59672", + "refsource": "OSVDB", + "url": "http://osvdb.org/59672" + }, + { + "name": "37289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37289" + }, + { + "name": "http://drupal.org/node/620668", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/620668" + }, + { + "name": "http://drupal.org/node/620662", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/620662" + }, + { + "name": "http://drupal.org/node/623562", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623562" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4548.json b/2009/4xxx/CVE-2009-4548.json index ca05b961bb3..cc0dbbe799a 100644 --- a/2009/4xxx/CVE-2009-4548.json +++ b/2009/4xxx/CVE-2009-4548.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/viarthd-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/viarthd-xss.txt" - }, - { - "name" : "56877", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56877" - }, - { - "name" : "56878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56878" - }, - { - "name" : "56879", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56879" - }, - { - "name" : "56880", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56880" - }, - { - "name" : "56881", - "refsource" : "OSVDB", - 
"url" : "http://osvdb.org/56881" - }, - { - "name" : "56882", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56882" - }, - { - "name" : "36240", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36240" - }, - { - "name" : "helpdesk-categoryid-xss(52349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36240", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36240" + }, + { + "name": "helpdesk-categoryid-xss(52349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52349" + }, + { + "name": "56882", + "refsource": "OSVDB", + "url": "http://osvdb.org/56882" + }, + { + "name": "56879", + "refsource": "OSVDB", + "url": "http://osvdb.org/56879" + }, + { + "name": "56880", + "refsource": "OSVDB", + "url": "http://osvdb.org/56880" + }, + { + "name": "56878", + "refsource": "OSVDB", + "url": "http://osvdb.org/56878" + }, + { + "name": "56877", + "refsource": "OSVDB", + "url": "http://osvdb.org/56877" + }, + { + "name": "http://packetstormsecurity.org/0908-exploits/viarthd-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/viarthd-xss.txt" + }, + { + "name": "56881", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/56881" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4697.json b/2009/4xxx/CVE-2009-4697.json index 083b36af29d..3607401c311 100644 --- a/2009/4xxx/CVE-2009-4697.json +++ b/2009/4xxx/CVE-2009-4697.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9196", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9196" - }, - { - "name" : "35730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35730" - }, - { - "name" : "55951", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55951" - }, - { - "name" : "35846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35846" - }, - { - "name" : "radnics-index-xss(51841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35846" + }, + { + "name": "55951", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55951" + }, + { + "name": "radnics-index-xss(51841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51841" + }, + { + "name": "35730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35730" + }, + { + "name": "9196", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9196" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4760.json b/2009/4xxx/CVE-2009-4760.json index 728e72f1554..8d6ae56ebd2 100644 --- a/2009/4xxx/CVE-2009-4760.json +++ b/2009/4xxx/CVE-2009-4760.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8596", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8596" - }, - { - "name" : "ADV-2009-1244", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1244" - }, - { - "name" : "winnaspguestbook-guestbook-info-disclosure(50294)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via 
a direct request for data/guestbook.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winnaspguestbook-guestbook-info-disclosure(50294)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50294" + }, + { + "name": "8596", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8596" + }, + { + "name": "ADV-2009-1244", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1244" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2818.json b/2012/2xxx/CVE-2012-2818.json index 51dd1cd5255..643b924cf28 100644 --- a/2012/2xxx/CVE-2012-2818.json +++ b/2012/2xxx/CVE-2012-2818.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=120944", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=120944" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - 
"name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "openSUSE-SU-2012:0813", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15075728" - }, - { - "name" : "oval:org.mitre.oval:def:14771", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=120944", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=120944" + }, + { + "name": "openSUSE-SU-2012:0813", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15075728" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:14771", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14771" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0153.json b/2015/0xxx/CVE-2015-0153.json index a9b844a9e2b..8cd13b59ed3 100644 --- a/2015/0xxx/CVE-2015-0153.json +++ b/2015/0xxx/CVE-2015-0153.json 
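Review bot: The new side of CVE-2012-2818.json ends with `\ No newline at end of file` after the closing `}`, while the removed `}` carries no such marker, so this pass drops the trailing newline the file had before. The other file sections visible in this diff end the same way. Ending each rewritten file with a newline after the final `}` would keep line-oriented tools and later diffs from flagging the last line.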
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", - "refsource" : "CONFIRM", - "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF" - }, - { - "name" : "dlink-dir815-cve20150153-info-disc(110586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", + "refsource": "CONFIRM", + "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF" + }, + { + "name": "dlink-dir815-cve20150153-info-disc(110586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0314.json b/2015/0xxx/CVE-2015-0314.json index 33f196c6dfd..ae58773ff0a 100644 --- a/2015/0xxx/CVE-2015-0314.json +++ b/2015/0xxx/CVE-2015-0314.json 
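Review bot: A provenance field changes inside what otherwise reads as a whitespace and reference-order reformat: in the CVE-2015-0153 hunk `"ASSIGNER"` goes from `cve@mitre.org` to `psirt@us.ibm.com`, while the description and both references concern D-Link DIR-815 firmware. That can be legitimate if the ID came from a block allocated to that CNA, but nothing visible in the diff says so, and consumers that key trust or routing on the assigner will see a different value. It should be confirmed against the CNA allocation and ideally landed in a commit separate from the formatting pass. The same kind of change appears in the CVE-2015-0314 (`psirt@adobe.com`), CVE-2015-0636 (`psirt@cisco.com`) and CVE-2015-1666 (`secure@microsoft.com`) hunks. The new side of every file also loses its trailing newline, which a strict formatter or diff-based check may flag.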
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/2755801", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/2755801" - }, - { - "name" : "GLSA-201502-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml" - }, - { - "name" : "RHSA-2015:0140", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2015-0140.html" - }, - { - "name" : "SUSE-SU-2015:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" - }, - { - "name" : "72514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72514" - }, - { - "name" : "1031706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031706" - }, - { - "name" : "62777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62777" - }, - { - "name" : "62886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62886" - }, - { - "name" : "62895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62895" - }, - { - "name" : "adobe-flash-cve20150314-code-exec(100700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201502-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml" + }, + { + "name": "openSUSE-SU-2015:0238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" + }, + { + "name": "62895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62895" + }, + { + "name": "1031706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031706" + }, + { + "name": "adobe-flash-cve20150314-code-exec(100700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100700" + }, + { + "name": "62886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62886" + }, + { + "name": "https://technet.microsoft.com/library/security/2755801", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/2755801" + }, + { + "name": "62777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62777" + }, + { + "name": "openSUSE-SU-2015:0237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" + }, + { + "name": "72514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72514" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "RHSA-2015:0140", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html" + }, + { + "name": "SUSE-SU-2015:0239", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0636.json b/2015/0xxx/CVE-2015-0636.json index 9585530be0b..c7858fa7257 100644 --- a/2015/0xxx/CVE-2015-0636.json +++ b/2015/0xxx/CVE-2015-0636.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150325 Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani" - }, - { - "name" : "1031982", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 
12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150325 Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani" + }, + { + "name": "1031982", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031982" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1311.json b/2015/1xxx/CVE-2015-1311.json index 8accae3df57..19e854f8d00 100644 --- a/2015/1xxx/CVE-2015-1311.json +++ b/2015/1xxx/CVE-2015-1311.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1367.json b/2015/1xxx/CVE-2015-1367.json index d16cd60becb..18533f0f9c6 100644 --- a/2015/1xxx/CVE-2015-1367.json +++ b/2015/1xxx/CVE-2015-1367.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150116 CatBot v0.4.2 (PHP) - SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534490/100/0/threaded" - }, - { - "name" : "20150116 CatBot v0.4.2 (PHP) - SQL Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/63" - }, - { - "name" : "http://packetstormsecurity.com/files/129990/CatBot-0.4.2-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129990/CatBot-0.4.2-SQL-Injection.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=1408", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=1408" - }, - { - "name" : "catbot-index-sql-injection(100043)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150116 CatBot v0.4.2 (PHP) - SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534490/100/0/threaded" + }, + { + "name": "20150116 CatBot v0.4.2 (PHP) - SQL Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/63" + }, + { + "name": "http://packetstormsecurity.com/files/129990/CatBot-0.4.2-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129990/CatBot-0.4.2-SQL-Injection.html" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=1408", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=1408" + }, + { + "name": "catbot-index-sql-injection(100043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100043" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1434.json b/2015/1xxx/CVE-2015-1434.json index bd059190cac..c6c9da86759 100644 --- a/2015/1xxx/CVE-2015-1434.json +++ b/2015/1xxx/CVE-2015-1434.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150211 Multiple Vulnerabilities in my little forum", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534681/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23248", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23248" - }, - { - "name" : "http://mylittleforum.net/forum/index.php?id=8182", - "refsource" : "CONFIRM", - "url" : 
"http://mylittleforum.net/forum/index.php?id=8182" - }, - { - "name" : "72575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72575" - }, - { - "name" : "mylittleforum-cve20151434-sql-injection(100855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150211 Multiple Vulnerabilities in my little forum", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534681/100/0/threaded" + }, + { + "name": "72575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72575" + }, + { + "name": "http://mylittleforum.net/forum/index.php?id=8182", + "refsource": "CONFIRM", + "url": "http://mylittleforum.net/forum/index.php?id=8182" + }, + { + "name": "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "mylittleforum-cve20151434-sql-injection(100855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100855" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23248", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23248" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/1xxx/CVE-2015-1542.json b/2015/1xxx/CVE-2015-1542.json
index b86c1b08a1d..86cdd933eef 100644
--- a/2015/1xxx/CVE-2015-1542.json
+++ b/2015/1xxx/CVE-2015-1542.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-1542",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-1542",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/1xxx/CVE-2015-1666.json b/2015/1xxx/CVE-2015-1666.json
index 97a67d32cbf..71a8b06f7da 100644
--- a/2015/1xxx/CVE-2015-1666.json
+++ b/2015/1xxx/CVE-2015-1666.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1652." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032" - }, - { - "name" : "1032108", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different 
vulnerability than CVE-2015-1652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032108", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032108" + }, + { + "name": "MS15-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-032" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1881.json b/2015/1xxx/CVE-2015-1881.json index 558a9283326..d21e2b16949 100644 --- a/2015/1xxx/CVE-2015-1881.json +++ b/2015/1xxx/CVE-2015-1881.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html" - }, - { - "name" : "https://bugs.launchpad.net/glance/+bug/1420696", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/glance/+bug/1420696" - }, - { - "name" : "RHSA-2015:0938", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0938.html" - }, - { - "name" : "72694", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/72694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html" + }, + { + "name": "RHSA-2015:0938", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html" + }, + { + "name": "https://bugs.launchpad.net/glance/+bug/1420696", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/glance/+bug/1420696" + }, + { + "name": "72694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72694" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4025.json b/2015/4xxx/CVE-2015-4025.json index fb1842262c0..0e2040a8960 100644 --- a/2015/4xxx/CVE-2015-4025.json +++ b/2015/4xxx/CVE-2015-4025.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=69418", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=69418" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - 
"refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "DSA-3280", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3280" - }, - { - "name" : "FEDORA-2015-8281", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html" - }, - { - "name" : "FEDORA-2015-8370", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html" - }, - { - "name" : "FEDORA-2015-8383", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html" - }, - { - "name" : "GLSA-201606-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-10" - }, - { - "name" : "RHSA-2015:1187", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1187.html" - }, - { - "name" : "RHSA-2015:1135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html" - }, - { - "name" : "RHSA-2015:1186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1186.html" - }, - { - "name" : "RHSA-2015:1219", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1219.html" - }, - { - "name" : "74904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74904" - }, - { - "name" : "1032431", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in 
certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1187", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html" + }, + { + "name": "RHSA-2015:1186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=69418", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=69418" + }, + { + "name": "RHSA-2015:1219", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1219.html" + }, + { + "name": "74904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74904" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "DSA-3280", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3280" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "RHSA-2015:1135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html" + }, + { + "name": "1032431", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032431" + }, + { + "name": "https://support.apple.com/kb/HT205031", + 
"refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "FEDORA-2015-8383", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html" + }, + { + "name": "FEDORA-2015-8281", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html" + }, + { + "name": "FEDORA-2015-8370", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html" + }, + { + "name": "GLSA-201606-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-10" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5211.json b/2015/5xxx/CVE-2015-5211.json index eb9c3bafa8c..47cce07d5ca 100644 --- a/2015/5xxx/CVE-2015-5211.json +++ b/2015/5xxx/CVE-2015-5211.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2015-5211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-5211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/" - }, - { - "name" : "https://pivotal.io/security/cve-2015-5211", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2015-5211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/" + }, + { + "name": "https://pivotal.io/security/cve-2015-5211", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2015-5211" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5226.json b/2015/5xxx/CVE-2015-5226.json index fd91c1bd1b3..cc677478263 100644 --- a/2015/5xxx/CVE-2015-5226.json +++ b/2015/5xxx/CVE-2015-5226.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-5226",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2015-5226",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/5xxx/CVE-2015-5718.json b/2015/5xxx/CVE-2015-5718.json
index 9e0288bd76c..359523293e7 100644
--- a/2015/5xxx/CVE-2015-5718.json
+++ b/2015/5xxx/CVE-2015-5718.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150805 SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536138/100/0/threaded" - }, - { - "name" : "20150805 SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Aug/8" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_Websense_Content_Gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt", - "refsource" : "MISC", - "url" : 
"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_Websense_Content_Gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/132968/Websense-Triton-Content-Manager-8.0.0-Build-1165-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132968/Websense-Triton-Content-Manager-8.0.0-Build-1165-Buffer-Overflow.html" - }, - { - "name" : "http://www.websense.com/support/article/kbarticle/v8-0-0-About-Hotfix-02-for-Websense-Content-Gateway", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/kbarticle/v8-0-0-About-Hotfix-02-for-Websense-Content-Gateway" - }, - { - "name" : "1033263", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.websense.com/support/article/kbarticle/v8-0-0-About-Hotfix-02-for-Websense-Content-Gateway", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/kbarticle/v8-0-0-About-Hotfix-02-for-Websense-Content-Gateway" + }, + { + "name": "http://packetstormsecurity.com/files/132968/Websense-Triton-Content-Manager-8.0.0-Build-1165-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132968/Websense-Triton-Content-Manager-8.0.0-Build-1165-Buffer-Overflow.html" + }, + { + "name": "20150805 SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Aug/8" + }, + { + "name": "20150805 SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536138/100/0/threaded" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_Websense_Content_Gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_Websense_Content_Gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt" + }, + { + "name": "1033263", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033263" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3009.json b/2018/3xxx/CVE-2018-3009.json index 2d05769fb80..ccc895e14c4 100644 --- a/2018/3xxx/CVE-2018-3009.json +++ b/2018/3xxx/CVE-2018-3009.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104762" - }, - { - "name" : "1041310", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104762" + }, + { + "name": "1041310", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041310" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3100.json b/2018/3xxx/CVE-2018-3100.json
index 2f47fcaf5b3..83456a983a6 100644
--- a/2018/3xxx/CVE-2018-3100.json
+++ b/2018/3xxx/CVE-2018-3100.json
@@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Process Management Suite", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.7.0" - }, - { - "version_affected" : "=", - "version_value" : "11.1.1.9.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Process Management Suite", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.7.0" + }, + { + "version_affected": "=", + "version_value": "11.1.1.9.0" + }, + { + "version_affected": "=", + "version_value": "12.1.3.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104813" - }, - { - "name" : "1041310", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Process 
Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104813" + }, + { + "name": "1041310", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041310" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3220.json b/2018/3xxx/CVE-2018-3220.json
index 1c711c1a3cf..49b3ba5bb8b 100644
--- a/2018/3xxx/CVE-2018-3220.json
+++ b/2018/3xxx/CVE-2018-3220.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.5.3" - }, - { - "version_affected" : "=", - "version_value" : "8.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.5.3" + }, + { + "version_affected": "=", + "version_value": "8.5.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105603" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3548.json b/2018/3xxx/CVE-2018-3548.json index 742f8a05a55..41c3dbe2cd0 100644 
--- a/2018/3xxx/CVE-2018-3548.json
+++ b/2018/3xxx/CVE-2018-3548.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3548",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3548",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3672.json b/2018/3xxx/CVE-2018-3672.json
index 8dcd679f920..82219794828 100644
--- a/2018/3xxx/CVE-2018-3672.json
+++ b/2018/3xxx/CVE-2018-3672.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-07-24T00:00:00", - "ID" : "CVE-2018-3672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Smart Sound Technology", - "version" : { - "version_data" : [ - { - "version_value" : "before 9.21.00.3541" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-07-24T00:00:00", + "ID": "CVE-2018-3672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smart Sound Technology", + "version": { + "version_data": [ + { + "version_value": "before 9.21.00.3541" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00163.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00163.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system 
calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00163.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00163.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6167.json b/2018/6xxx/CVE-2018-6167.json index 0b4d347b475..367d8dd649c 100644 --- a/2018/6xxx/CVE-2018-6167.json +++ b/2018/6xxx/CVE-2018-6167.json 
@@ -1,88 +1,88 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "chrome-cve-admin@google.com",
- "ID" : "CVE-2018-6167",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Chrome",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "68.0.3440.75"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Insufficient policy enforcement"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2018-6167",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "68.0.3440.75"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://crbug.com/833143",
- "refsource" : "MISC",
- "url" : "https://crbug.com/833143"
- },
- {
- "name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
- "refsource" : "CONFIRM",
- "url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
- },
- {
- "name" : "DSA-4256",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4256"
- },
- {
- "name" : "GLSA-201808-01",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201808-01"
- },
- {
- "name" : "RHSA-2018:2282",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:2282"
- },
- {
- "name" : "104887",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104887"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient policy enforcement"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
+ "refsource": "CONFIRM",
+ "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
+ },
+ {
+ "name": "RHSA-2018:2282",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:2282"
+ },
+ {
+ "name": "GLSA-201808-01",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201808-01"
+ },
+ {
+ "name": "https://crbug.com/833143",
+ "refsource": "MISC",
+ "url": "https://crbug.com/833143"
+ },
+ {
+ "name": "DSA-4256",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4256"
+ },
+ {
+ "name": "104887",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104887"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6279.json b/2018/6xxx/CVE-2018-6279.json
index 95e63c1ed06..bb54e1462e9 100644
--- a/2018/6xxx/CVE-2018-6279.json
+++ b/2018/6xxx/CVE-2018-6279.json
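Review bot: The `ASSIGNER` value for CVE-2018-6167 changes from `chrome-cve-admin@google.com` to `security@google.com` in this hunk, while every other line of the record differs only in separator spacing, indentation, or the order of the `reference_data` entries. A consumer that attributes records to a CNA by this field would see the assigner change with nothing in the visible diff explaining it. I would carry that one line, `"ASSIGNER": "security@google.com",`, in its own commit whose message states the reason, and keep this commit to formatting. The hunk also drops the newline at end of file, as the other hunks on this page do; a trailing newline is the usual convention for files under version control.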
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6279",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6279",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6463.json b/2018/6xxx/CVE-2018-6463.json
index c2637c4b830..12ef1e69f0a 100644
--- a/2018/6xxx/CVE-2018-6463.json
+++ b/2018/6xxx/CVE-2018-6463.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6463",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6463",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6484.json b/2018/6xxx/CVE-2018-6484.json
index 8a141ffc7fc..bcd77ae62c4 100644
--- a/2018/6xxx/CVE-2018-6484.json
+++ b/2018/6xxx/CVE-2018-6484.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gdraheim/zziplib/issues/14", - "refsource" : "MISC", - "url" : "https://github.com/gdraheim/zziplib/issues/14" - }, - { - "name" : "USN-3699-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3699-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gdraheim/zziplib/issues/14", + "refsource": "MISC", + "url": "https://github.com/gdraheim/zziplib/issues/14" + }, + { + "name": "USN-3699-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3699-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6617.json b/2018/6xxx/CVE-2018-6617.json index 7e3dc494d44..49ecc5b879a 100644 --- a/2018/6xxx/CVE-2018-6617.json +++ b/2018/6xxx/CVE-2018-6617.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Easy Hosting Control Panel (EHCP) v0.37.12.b, when 
using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt" + }, + { + "name": "http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6876.json b/2018/6xxx/CVE-2018-6876.json index 0cba8822558..cce7abcc32a 100644 --- a/2018/6xxx/CVE-2018-6876.json +++ b/2018/6xxx/CVE-2018-6876.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/973", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/973" - }, - { - "name" : "103035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103035" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/973", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/973" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7117.json b/2018/7xxx/CVE-2018-7117.json index d119d831821..cc4a5eb1ce4 100644 --- a/2018/7xxx/CVE-2018-7117.json +++ b/2018/7xxx/CVE-2018-7117.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7117", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7117", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7437.json b/2018/7xxx/CVE-2018-7437.json index d370f45ed2e..ddfda5840e8 100644 --- a/2018/7xxx/CVE-2018-7437.json +++ b/2018/7xxx/CVE-2018-7437.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547885", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547885" - }, - { - "name" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" - }, - { - "name" : "DSA-4129", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html" + }, + { + "name": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE" + }, + { + "name": "DSA-4129", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4129" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547885", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547885" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7516.json b/2018/7xxx/CVE-2018-7516.json index 8c02e1d6350..f8f0fdfca2f 100644 --- a/2018/7xxx/CVE-2018-7516.json +++ b/2018/7xxx/CVE-2018-7516.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-20T00:00:00", - "ID" : "CVE-2018-7516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware", - "version" : { - "version_data" : [ - { - "version_value" : "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1" - } - ] - } - } - ] - }, - "vendor_name" : "Geutebrück" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-20T00:00:00", + "ID": "CVE-2018-7516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Geutebrück G-Cam/EFD-2250 (part n° 5.02024) firmware and Topline TopFD-2125 (part n° 5.02820) firmware", + "version": { + "version_data": [ + { + "version_value": "G-Cam/EFD-2250 version 1.12.0.4 and Topline TopFD-2125 version 3.15.1" + } + ] + } + } + ] + }, + "vendor_name": "Geutebrück" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01" - }, - { - "name" : "103474", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/103474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01" + }, + { + "name": "103474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103474" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7907.json b/2018/7xxx/CVE-2018-7907.json index 89f04a9a17a..90f5b2cabd0 100644 --- a/2018/7xxx/CVE-2018-7907.json +++ b/2018/7xxx/CVE-2018-7907.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Agassi-L09,Agassi-W09,Baggio2-U01A,Bond-AL00C,Bond-AL10B,Bond-TL10B,Bond-TL10C,Haydn-L1JB,Kobe-L09A,Kobe-L09AHN,Kobe-W09C,LelandP-L22C,LelandP-L22D,Rhone-AL00,Selina-L02,Stanford-L09S,Toronto-AL00,Toronto-AL00A,Toronto-TL10", - "version" : { - "version_data" : [ - { - "version_value" : "Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001,Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001,Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001,Bond-AL00C Bond-AL00CC00B201,Bond-AL10B Bond-AL10BC00B201,Bond-TL10B Bond-TL10BC01B201,Bond-TL10C Bond-TL10CC01B131,Haydn-L1JB HDN-L1JC137B068,Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001,Kobe-L09AHN KOB-L09C233B226,Kobe-W09C KOB-W09C128B251CUSTC128D001,LelandP-L22C 8.0.0.101(C675CUSTC675D2),LelandP-L22D 8.0.0.101(C675CUSTC675D2),Rhone-AL00 Rhone-AL00C00B186,Selina-L02 Selina-L02C432B153,Stanford-L09S Stanford-L09SC432B183,Toronto-AL00 Toronto-AL00C00B223,Toronto-AL00A Toronto-AL00AC00B223,Toronto-TL10 Toronto-TL10C01B223" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." 
- } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "sensitive information leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Agassi-L09,Agassi-W09,Baggio2-U01A,Bond-AL00C,Bond-AL10B,Bond-TL10B,Bond-TL10C,Haydn-L1JB,Kobe-L09A,Kobe-L09AHN,Kobe-W09C,LelandP-L22C,LelandP-L22D,Rhone-AL00,Selina-L02,Stanford-L09S,Toronto-AL00,Toronto-AL00A,Toronto-TL10", + "version": { + "version_data": [ + { + "version_value": "Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001,Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001,Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001,Bond-AL00C Bond-AL00CC00B201,Bond-AL10B Bond-AL10BC00B201,Bond-TL10B Bond-TL10BC01B201,Bond-TL10C Bond-TL10CC01B131,Haydn-L1JB HDN-L1JC137B068,Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001,Kobe-L09AHN KOB-L09C233B226,Kobe-W09C KOB-W09C128B251CUSTC128D001,LelandP-L22C 8.0.0.101(C675CUSTC675D2),LelandP-L22D 8.0.0.101(C675CUSTC675D2),Rhone-AL00 Rhone-AL00C00B186,Selina-L02 Selina-L02C432B153,Stanford-L09S Stanford-L09SC432B183,Toronto-AL00 Toronto-AL00C00B223,Toronto-AL00A Toronto-AL00AC00B223,Toronto-TL10 Toronto-TL10C01B223" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "sensitive information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180919-02-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8691.json b/2018/8xxx/CVE-2018-8691.json index d2e9fc66cd0..a664a8bd024 100644 --- a/2018/8xxx/CVE-2018-8691.json +++ b/2018/8xxx/CVE-2018-8691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8691", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8691", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8823.json b/2018/8xxx/CVE-2018-8823.json index 6826e4f5ea0..478ce3cca3c 100644 --- a/2018/8xxx/CVE-2018-8823.json +++ b/2018/8xxx/CVE-2018-8823.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8823",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8823",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ia-informatica.com/it/CVE-2018-8823",
- "refsource" : "MISC",
- "url" : "https://ia-informatica.com/it/CVE-2018-8823"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://ia-informatica.com/it/CVE-2018-8823",
+ "refsource": "MISC",
+ "url": "https://ia-informatica.com/it/CVE-2018-8823"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8923.json b/2018/8xxx/CVE-2018-8923.json
index 7270c5ca950..4ea98b15a85 100644
--- a/2018/8xxx/CVE-2018-8923.json
+++ b/2018/8xxx/CVE-2018-8923.json
@@ -1,80 +1,80 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@synology.com",
- "DATE_PUBLIC" : "2018-06-05T00:00:00",
- "ID" : "CVE-2018-8923",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "File Station",
- "version" : {
- "version_data" : [
- {
- "affected" : "<",
- "version_value" : "1.1.4-0122"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Synology"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "attackComplexity" : "LOW",
- "attackVector" : "NETWORK",
- "availabilityImpact" : "LOW",
- "baseScore" : 6.5,
- "baseSeverity" : "MEDIUM",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "LOW",
- "privilegesRequired" : "LOW",
- "scope" : "CHANGED",
- "userInteraction" : "REQUIRED",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@synology.com",
+ "DATE_PUBLIC": "2018-06-05T00:00:00",
+ "ID": "CVE-2018-8923",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "File Station",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "1.1.4-0122"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Synology"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" :
"https://www.synology.com/zh-tw/support/security/Synology_SA_18_09",
- "refsource" : "CONFIRM",
- "url" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_09"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_09",
+ "refsource": "CONFIRM",
+ "url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_09"
+ }
+ ]
+ }
+}
\ No newline at end of file