From dd790ecbb7a27f79b9ffa022f4033b923344d680 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:48:26 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1190.json | 130 ++++----- 1999/1xxx/CVE-1999-1268.json | 130 ++++----- 1999/1xxx/CVE-1999-1285.json | 130 ++++----- 2000/0xxx/CVE-2000-0386.json | 130 ++++----- 2000/0xxx/CVE-2000-0600.json | 140 +++++----- 2000/1xxx/CVE-2000-1114.json | 130 ++++----- 2000/1xxx/CVE-2000-1219.json | 130 ++++----- 2005/2xxx/CVE-2005-2320.json | 120 ++++---- 2005/2xxx/CVE-2005-2715.json | 190 ++++++------- 2005/2xxx/CVE-2005-2792.json | 160 +++++------ 2005/2xxx/CVE-2005-2964.json | 280 +++++++++---------- 2005/3xxx/CVE-2005-3011.json | 430 ++++++++++++++--------------- 2005/3xxx/CVE-2005-3042.json | 250 ++++++++--------- 2005/3xxx/CVE-2005-3069.json | 200 +++++++------- 2005/3xxx/CVE-2005-3109.json | 210 +++++++------- 2005/3xxx/CVE-2005-3265.json | 190 ++++++------- 2005/3xxx/CVE-2005-3421.json | 160 +++++------ 2005/3xxx/CVE-2005-3578.json | 150 +++++----- 2005/4xxx/CVE-2005-4082.json | 150 +++++----- 2005/4xxx/CVE-2005-4817.json | 170 ++++++------ 2009/2xxx/CVE-2009-2095.json | 120 ++++---- 2009/2xxx/CVE-2009-2428.json | 140 +++++----- 2009/2xxx/CVE-2009-2734.json | 180 ++++++------ 2009/2xxx/CVE-2009-2801.json | 120 ++++---- 2009/2xxx/CVE-2009-2932.json | 190 ++++++------- 2009/3xxx/CVE-2009-3381.json | 200 +++++++------- 2009/3xxx/CVE-2009-3647.json | 130 ++++----- 2009/3xxx/CVE-2009-3932.json | 170 ++++++------ 2009/4xxx/CVE-2009-4348.json | 130 ++++----- 2015/0xxx/CVE-2015-0010.json | 140 +++++----- 2015/0xxx/CVE-2015-0388.json | 150 +++++----- 2015/0xxx/CVE-2015-0581.json | 140 +++++----- 2015/0xxx/CVE-2015-0816.json | 290 +++++++++---------- 2015/1000xxx/CVE-2015-1000004.json | 130 ++++----- 2015/1xxx/CVE-2015-1415.json | 150 +++++----- 2015/1xxx/CVE-2015-1709.json | 140 +++++----- 2015/1xxx/CVE-2015-1856.json | 220 +++++++-------- 2015/4xxx/CVE-2015-4030.json | 34 +-- 2015/4xxx/CVE-2015-4223.json | 140 +++++----- 2015/4xxx/CVE-2015-4450.json | 140 +++++----- 2015/4xxx/CVE-2015-4729.json | 230 +++++++-------- 2015/4xxx/CVE-2015-4859.json | 130 ++++----- 2015/5xxx/CVE-2015-5305.json | 130 ++++----- 2018/2xxx/CVE-2018-2037.json | 34 +-- 2018/2xxx/CVE-2018-2542.json | 34 +-- 2018/3xxx/CVE-2018-3160.json | 132 ++++----- 2018/3xxx/CVE-2018-3167.json | 182 ++++++------ 2018/3xxx/CVE-2018-3744.json | 132 ++++----- 2018/3xxx/CVE-2018-3866.json | 122 ++++---- 2018/3xxx/CVE-2018-3972.json | 132 ++++----- 2018/3xxx/CVE-2018-3998.json | 122 ++++---- 2018/6xxx/CVE-2018-6403.json | 34 +-- 2018/6xxx/CVE-2018-6485.json | 150 +++++----- 2018/6xxx/CVE-2018-6518.json | 120 ++++---- 2018/6xxx/CVE-2018-6540.json | 130 ++++----- 2018/6xxx/CVE-2018-6849.json | 160 +++++------ 2018/7xxx/CVE-2018-7007.json | 34 +-- 2018/7xxx/CVE-2018-7710.json | 34 +-- 2018/7xxx/CVE-2018-7996.json | 120 ++++---- 59 files changed, 4398 insertions(+), 4398 deletions(-) diff --git a/1999/1xxx/CVE-1999-1190.json b/1999/1xxx/CVE-1999-1190.json index aff7ef58de2..7000bb7e43c 100644 --- a/1999/1xxx/CVE-1999-1190.json +++ b/1999/1xxx/CVE-1999-1190.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long \"From\" header in an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html" - }, - { - "name" : "801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long \"From\" header in an e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html" + }, + { + "name": "801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/801" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1268.json b/1999/1xxx/CVE-1999-1268.json index a44979cfa38..c4abc758824 100644 --- a/1999/1xxx/CVE-1999-1268.json +++ b/1999/1xxx/CVE-1999-1268.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2", - "refsource" : "MISC", - "url" : "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2" - }, - { - "name" : "kde-konsole-hijack(1645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kde-konsole-hijack(1645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1645" + }, + { + "name": "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2", + "refsource": "MISC", + "url": "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1285.json b/1999/1xxx/CVE-1999-1285.json index eb602a9d204..bdc073dd4ce 100644 --- a/1999/1xxx/CVE-1999-1285.json +++ b/1999/1xxx/CVE-1999-1285.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19981227 [patch] fix for urandom read(2) not interruptible", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91495921611500&w=2" - }, - { - "name" : "linux-random-read-dos(1472)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19981227 [patch] fix for urandom read(2) not interruptible", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91495921611500&w=2" + }, + { + "name": "linux-random-read-dos(1472)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1472" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0386.json b/2000/0xxx/CVE-2000-0386.json index f4bd82d9db2..7a8bd7b369e 100644 --- a/2000/0xxx/CVE-2000-0386.json +++ b/2000/0xxx/CVE-2000-0386.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html", - "refsource" : "MISC", - "url" : "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html" - }, - { - "name" : "http://www.filemaker.com/support/webcompanion.html", - "refsource" : "CONFIRM", - "url" : "http://www.filemaker.com/support/webcompanion.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.filemaker.com/support/webcompanion.html", + "refsource": "CONFIRM", + "url": "http://www.filemaker.com/support/webcompanion.html" + }, + { + "name": "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html", + "refsource": "MISC", + "url": "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0600.json b/2000/0xxx/CVE-2000-0600.json index 141401f7a95..bb87e0a5ad1 100644 --- a/2000/0xxx/CVE-2000-0600.json +++ b/2000/0xxx/CVE-2000-0600.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html" - }, - { - "name" : "1393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1393" - }, - { - "name" : "netscape-virtual-directory-bo(4780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netscape-virtual-directory-bo(4780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4780" + }, + { + "name": "1393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1393" + }, + { + "name": "20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1114.json b/2000/1xxx/CVE-2000-1114.json index 434ecdf0b9e..6be15b44615 100644 --- a/2000/1xxx/CVE-2000-1114.json +++ b/2000/1xxx/CVE-2000-1114.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as \".\", or \"+\", or \"%20\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001121 Disclosure of JSP source code with ServletExec AS v3.0c + web ins tance", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.html" - }, - { - "name" : "1970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as \".\", or \"+\", or \"%20\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001121 Disclosure of JSP source code with ServletExec AS v3.0c + web ins tance", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.html" + }, + { + "name": "1970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1970" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1219.json b/2000/1xxx/CVE-2000-1219.json index afb0fa48142..812c1f6c40b 100644 --- a/2000/1xxx/CVE-2000-1219.json +++ b/2000/1xxx/CVE-2000-1219.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gcc-bugs] 20020506 c/6586: -ftrapv doesn't catch multiplication overflow", - "refsource" : "MLIST", - "url" : "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html" - }, - { - "name" : "VU#540517", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/540517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#540517", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/540517" + }, + { + "name": "[gcc-bugs] 20020506 c/6586: -ftrapv doesn't catch multiplication overflow", + "refsource": "MLIST", + "url": "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2320.json b/2005/2xxx/CVE-2005-2320.json index 0d904f4b105..747465bc80d 100644 --- a/2005/2xxx/CVE-2005-2320.json +++ b/2005/2xxx/CVE-2005-2320.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14072" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2715.json b/2005/2xxx/CVE-2005-2715.json index 74da40817c7..7b883552eb2 100644 --- a/2005/2xxx/CVE-2005-2715.json +++ b/2005/2xxx/CVE-2005-2715.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2005.10.12.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2005.10.12.html" - }, - { - "name" : "http://seer.support.veritas.com/docs/279085.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/279085.htm" - }, - { - "name" : "102054", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102054-1" - }, - { - "name" : "VU#495556", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/495556" - }, - { - "name" : "15079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15079" - }, - { - "name" : "1015028", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015028" - }, - { - "name" : "17181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/avcenter/security/Content/2005.10.12.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2005.10.12.html" + }, + { + "name": "17181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17181" + }, + { + "name": "http://seer.support.veritas.com/docs/279085.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/279085.htm" + }, + { + "name": "VU#495556", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/495556" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html" + }, + { + "name": "15079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15079" + }, + { + "name": "1015028", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015028" + }, + { + "name": "102054", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102054-1" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2792.json b/2005/2xxx/CVE-2005-2792.json index a94de3bb2de..9fa1251caf7 100644 --- a/2005/2xxx/CVE-2005-2792.json +++ b/2005/2xxx/CVE-2005-2792.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112542447219235&w=2" - }, - { - "name" : "http://www.rgod.altervista.org/phpldap.html", - "refsource" : "MISC", - "url" : "http://www.rgod.altervista.org/phpldap.html" - }, - { - "name" : "14695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14695" - }, - { - "name" : "16617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16617/" - }, - { - "name" : "phpldapadmin-welcome-file-include(22103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16617/" + }, + { + "name": "phpldapadmin-welcome-file-include(22103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103" + }, + { + "name": "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112542447219235&w=2" + }, + { + "name": "14695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14695" + }, + { + "name": "http://www.rgod.altervista.org/phpldap.html", + "refsource": "MISC", + "url": "http://www.rgod.altervista.org/phpldap.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2964.json b/2005/2xxx/CVE-2005-2964.json index e00cfd133b2..af1d3264d14 100644 --- a/2005/2xxx/CVE-2005-2964.json +++ b/2005/2xxx/CVE-2005-2964.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-2964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.abiword.org/release-notes/2.2.10.phtml", - "refsource" : "CONFIRM", - "url" : "http://www.abiword.org/release-notes/2.2.10.phtml" - }, - { - "name" : "DSA-894", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-894" - }, - { - "name" : "GLSA-200509-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml" - }, - { - "name" : "GLSA-200510-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml" - }, - { - "name" : "SUSE-SR:2005:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_23_sr.html" - }, - { - "name" : "USN-188-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-188-1" - }, - { - "name" : "14971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14971" - }, - { - "name" : "19717", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19717" - }, - { - "name" : "1014982", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014982" - }, - { - "name" : "16982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16982" - }, - { - "name" : "17052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17052" - }, - { - "name" : "17070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17070" - }, - { - "name" : "17215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17215" - }, - { - "name" : "17551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17551" - }, - { - "name" : "16990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16990" - }, - { - "name" : "17012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17012" - }, - { - "name" : "abiword-rtf-importer-bo(22454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-188-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-188-1" + }, + { + "name": "http://www.abiword.org/release-notes/2.2.10.phtml", + "refsource": "CONFIRM", + "url": "http://www.abiword.org/release-notes/2.2.10.phtml" + }, + { + "name": "1014982", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014982" + }, + { + "name": "GLSA-200509-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml" + }, + { + "name": "DSA-894", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-894" + }, + { + "name": "14971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14971" + }, + { + "name": "17551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17551" + }, + { + "name": "17052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17052" + }, + { + "name": "abiword-rtf-importer-bo(22454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22454" + }, + { + "name": "GLSA-200510-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml" + }, + { + "name": "17070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17070" + }, + { + "name": "16982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16982" + }, + { + "name": "19717", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19717" + }, + { + "name": "17215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17215" + }, + { + "name": "16990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16990" + }, + { + "name": "SUSE-SR:2005:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html" + }, + { + "name": "17012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17012" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3011.json b/2005/3xxx/CVE-2005-3011.json index 1bcb9b99b31..ad10560cb2e 100644 --- a/2005/3xxx/CVE-2005-3011.json +++ b/2005/3xxx/CVE-2005-3011.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305530", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305530" - }, - { - "name" : "APPLE-SA-2007-05-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" - }, - { - "name" : "DSA-1219", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1219" - }, - { - "name" : "FreeBSD-SA-06:01", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc" - }, - { - "name" : "GLSA-200510-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml" - }, - { - "name" : "MDKSA-2005:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:175" - }, - { - "name" : "RHSA-2006:0727", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0727.html" - }, - { - "name" : "20061101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" - }, - { - "name" : "SUSE-SR:2005:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_23_sr.html" - }, - { - "name" : "TSLSA-2005-0059", - "refsource" : "TRUSTIX", - "url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" - }, - { - "name" : "USN-194-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-194-1" - }, - { - "name" : "14854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14854" - }, - { - "name" : "oval:org.mitre.oval:def:10589", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589" - }, - { - "name" : "ADV-2007-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1267" - }, - { - "name" : "ADV-2007-1939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1939" - }, - { - "name" : "1015468", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015468" - }, - { - "name" : "1014992", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014992" - }, - { - "name" : "16816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16816" - }, - { - "name" : "18401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18401" - }, - { - "name" : "17070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17070" - }, - { - "name" : "17076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17076" - }, - { - "name" : "17093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17093" - }, - { - "name" : "17211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17211" - }, - { - "name" : "17215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17215" - }, - { - "name" : "22929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22929" - }, - { - "name" : "23112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23112" - }, - { - "name" : "24788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24788" - }, - { - "name" : "25402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=305530", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305530" + }, + { + "name": "USN-194-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-194-1" + }, + { + "name": "RHSA-2006:0727", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0727.html" + }, + { + "name": "ADV-2007-1939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1939" + }, + { + "name": "TSLSA-2005-0059", + "refsource": "TRUSTIX", + "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" + }, + { + "name": "APPLE-SA-2007-05-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" + }, + { + "name": "25402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25402" + }, + { + "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" + }, + { + "name": "17076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17076" + }, + { + "name": "18401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18401" + }, + { + "name": "MDKSA-2005:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:175" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365" + }, + { + "name": "17211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17211" + }, + { + "name": "ADV-2007-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1267" + }, + { + "name": "14854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14854" + }, + { + "name": "23112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23112" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html" + }, + { + "name": "17093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17093" + }, + { + "name": "20061101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" + }, + { + "name": "24788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24788" + }, + { + "name": "16816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16816" + }, + { + "name": "22929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22929" + }, + { + "name": "GLSA-200510-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml" + }, + { + "name": "17070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17070" + }, + { + "name": "FreeBSD-SA-06:01", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc" + }, + { + "name": "1015468", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015468" + }, + { + "name": "1014992", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014992" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html" + }, + { + "name": "17215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17215" + }, + { + "name": "oval:org.mitre.oval:def:10589", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589" + }, + { + "name": "DSA-1219", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1219" + }, + { + "name": "SUSE-SR:2005:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3042.json b/2005/3xxx/CVE-2005-3042.json index 3e85e96512f..91a7cbe43ad 100644 --- a/2005/3xxx/CVE-2005-3042.json +++ b/2005/3xxx/CVE-2005-3042.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" - }, - { - "name" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html", - "refsource" : "MISC", - "url" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" - }, - { - "name" : "http://www.webmin.com/changes-1.230.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/changes-1.230.html" - }, - { - "name" : "http://www.webmin.com/uchanges-1.160.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/uchanges-1.160.html" - }, - { - "name" : "GLSA-200509-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" - }, - { - "name" : "MDKSA-2005:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" - }, - { - "name" : "SUSE-SR:2005:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_24_sr.html" - }, - { - "name" : "JVN#40940493", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2340940493/index.html" - }, - { - "name" : "14889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14889" - }, - { - "name" : "ADV-2005-1791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1791" - }, - { - "name" : "19575", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19575" - }, - { - "name" : "16858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16858" - }, - { - "name" : "17282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17282" - }, - { - "name" : "17", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16858" + }, + { + "name": "17282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17282" + }, + { + "name": "GLSA-200509-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" + }, + { + "name": "19575", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19575" + }, + { + "name": "17", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/17" + }, + { + "name": "14889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14889" + }, + { + "name": "ADV-2005-1791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1791" + }, + { + "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html", + "refsource": "MISC", + "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" + }, + { + "name": "MDKSA-2005:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" + }, + { + "name": "SUSE-SR:2005:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" + }, + { + "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" + }, + { + "name": "http://www.webmin.com/changes-1.230.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/changes-1.230.html" + }, + { + "name": "JVN#40940493", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2340940493/index.html" + }, + { + "name": "http://www.webmin.com/uchanges-1.160.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/uchanges-1.160.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3069.json b/2005/3xxx/CVE-2005-3069.json index 3bd6116b073..e2ba5ca3e2e 100644 --- a/2005/3xxx/CVE-2005-3069.json +++ b/2005/3xxx/CVE-2005-3069.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384" - }, - { - "name" : "DSA-865", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-865" - }, - { - "name" : "GLSA-200509-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml" - }, - { - "name" : "MDKSA-2005:177", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:177" - }, - { - "name" : "14907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14907" - }, - { - "name" : "17022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17022" - }, - { - "name" : "16906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16906" - }, - { - "name" : "17107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17107" - }, - { - "name" : "17187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17022" + }, + { + "name": "14907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14907" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384" + }, + { + "name": "DSA-865", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-865" + }, + { + "name": "GLSA-200509-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml" + }, + { + "name": "MDKSA-2005:177", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:177" + }, + { + "name": "16906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16906" + }, + { + "name": "17187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17187" + }, + { + "name": "17107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17107" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3109.json b/2005/3xxx/CVE-2005-3109.json index 754af91b57f..32258a86f75 100644 --- a/2005/3xxx/CVE-2005-3109.json +++ b/2005/3xxx/CVE-2005-3109.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - }, - { - "name" : "RHSA-2006:0101", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html" - }, - { - "name" : "USN-199-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-199-1" - }, - { - "name" : "15049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15049" - }, - { - "name" : "oval:org.mitre.oval:def:10777", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10777" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "18510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18510" - }, - { - "name" : "17141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10777", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10777" + }, + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "RHSA-2006:0101", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html" + }, + { + "name": "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "15049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15049" + }, + { + "name": "18510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18510" + }, + { + "name": "17141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17141" + }, + { + "name": "USN-199-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-199-1" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3265.json b/2005/3xxx/CVE-2005-3265.json index f2caf8cffa3..9edf3a90b34 100644 --- a/2005/3xxx/CVE-2005-3265.json +++ b/2005/3xxx/CVE-2005-3265.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pentest.co.uk/documents/ptl-2005-01.html", - "refsource" : "MISC", - "url" : "http://www.pentest.co.uk/documents/ptl-2005-01.html" - }, - { - "name" : "http://skype.com/security/skype-sb-2005-02.html", - "refsource" : "CONFIRM", - "url" : "http://skype.com/security/skype-sb-2005-02.html" - }, - { - "name" : "VU#930345", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/930345" - }, - { - "name" : "VU#668193", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/668193" - }, - { - "name" : "15190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15190" - }, - { - "name" : "ADV-2005-2197", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2197" - }, - { - "name" : "17305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17305/" - }, - { - "name" : "skype-uri-bo(22848)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pentest.co.uk/documents/ptl-2005-01.html", + "refsource": "MISC", + "url": "http://www.pentest.co.uk/documents/ptl-2005-01.html" + }, + { + "name": "VU#668193", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/668193" + }, + { + "name": "17305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17305/" + }, + { + "name": "ADV-2005-2197", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2197" + }, + { + "name": "VU#930345", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/930345" + }, + { + "name": "skype-uri-bo(22848)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848" + }, + { + "name": "15190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15190" + }, + { + "name": "http://skype.com/security/skype-sb-2005-02.html", + "refsource": "CONFIRM", + "url": "http://skype.com/security/skype-sb-2005-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3421.json b/2005/3xxx/CVE-2005-3421.json index e39142a8558..f5bf18b0323 100644 --- a/2005/3xxx/CVE-2005-3421.json +++ b/2005/3xxx/CVE-2005-3421.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=366565", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=366565" - }, - { - "name" : "JVN#18282718", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2318282718/index.html" - }, - { - "name" : "15236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15236" - }, - { - "name" : "1015119", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015119" - }, - { - "name" : "17379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15236" + }, + { + "name": "17379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17379" + }, + { + "name": "JVN#18282718", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2318282718/index.html" + }, + { + "name": "1015119", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015119" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=366565", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=366565" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3578.json b/2005/3xxx/CVE-2005-3578.json index 49bdb1edfeb..a849827c94e 100644 --- a/2005/3xxx/CVE-2005-3578.json +++ b/2005/3xxx/CVE-2005-3578.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051114 Walla TeleSite Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416581/30/0/threaded" - }, - { - "name" : "15419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15419" - }, - { - "name" : "20883", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20883" - }, - { - "name" : "1015204", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051114 Walla TeleSite Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416581/30/0/threaded" + }, + { + "name": "1015204", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015204" + }, + { + "name": "20883", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20883" + }, + { + "name": "15419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15419" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4082.json b/2005/4xxx/CVE-2005-4082.json index de0ec51578a..7d71751fdfd 100644 --- a/2005/4xxx/CVE-2005-4082.json +++ b/2005/4xxx/CVE-2005-4082.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051203 QNX 4.25 suided dhcp.client binary", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418513/100/0/threaded" - }, - { - "name" : "15785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15785" - }, - { - "name" : "17870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17870" - }, - { - "name" : "qnx-rtos-dhcpclient-dos(23543)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15785" + }, + { + "name": "17870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17870" + }, + { + "name": "qnx-rtos-dhcpclient-dos(23543)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23543" + }, + { + "name": "20051203 QNX 4.25 suided dhcp.client binary", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418513/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4817.json b/2005/4xxx/CVE-2005-4817.json index 2c92b53987e..fcbe0c8d53b 100644 --- a/2005/4xxx/CVE-2005-4817.json +++ b/2005/4xxx/CVE-2005-4817.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=355808", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=355808" - }, - { - "name" : "14810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14810" - }, - { - "name" : "ADV-2005-1709", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1709" - }, - { - "name" : "19311", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=19311" - }, - { - "name" : "16752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16752" - }, - { - "name" : "tmsnc-uic-format-string(22242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tmsnc-uic-format-string(22242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22242" + }, + { + "name": "16752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16752" + }, + { + "name": "14810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14810" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=355808", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=355808" + }, + { + "name": "19311", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19311" + }, + { + "name": "ADV-2005-1709", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1709" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2095.json b/2009/2xxx/CVE-2009-2095.json index 0a502e86798..724f6e4eba0 100644 --- a/2009/2xxx/CVE-2009-2095.json +++ b/2009/2xxx/CVE-2009-2095.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8948", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8948", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8948" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2428.json b/2009/2xxx/CVE-2009-2428.json index c17a26ca817..44bd84d50c8 100644 --- a/2009/2xxx/CVE-2009-2428.json +++ b/2009/2xxx/CVE-2009-2428.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt" - }, - { - "name" : "35725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35725" - }, - { - "name" : "ADV-2009-1823", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1823", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1823" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt" + }, + { + "name": "35725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35725" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2734.json b/2009/2xxx/CVE-2009-2734.json index 28cc0eee51b..087414bdbcc 100644 --- a/2009/2xxx/CVE-2009-2734.json +++ b/2009/2xxx/CVE-2009-2734.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091013 [BONSAI] SQL Injection in Achievo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507131/100/0/threaded" - }, - { - "name" : "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt", - "refsource" : "MISC", - "url" : "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" - }, - { - "name" : "http://www.achievo.org/download/releasenotes/1_4_0", - "refsource" : "CONFIRM", - "url" : "http://www.achievo.org/download/releasenotes/1_4_0" - }, - { - "name" : "36660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36660" - }, - { - "name" : "1023017", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023017" - }, - { - "name" : "37035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37035" - }, - { - "name" : "achievo-dispatch-sql-injection(53743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091013 [BONSAI] SQL Injection in Achievo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded" + }, + { + "name": "36660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36660" + }, + { + "name": "achievo-dispatch-sql-injection(53743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" + }, + { + "name": "37035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37035" + }, + { + "name": "1023017", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023017" + }, + { + "name": "http://www.achievo.org/download/releasenotes/1_4_0", + "refsource": "CONFIRM", + "url": "http://www.achievo.org/download/releasenotes/1_4_0" + }, + { + "name": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt", + "refsource": "MISC", + "url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2801.json b/2009/2xxx/CVE-2009-2801.json index 8db0f27f753..3721d308795 100644 --- a/2009/2xxx/CVE-2009-2801.json +++ b/2009/2xxx/CVE-2009-2801.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a \"timing issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a \"timing issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2932.json b/2009/2xxx/CVE-2009-2932.json index ecc74f6df81..f49567886b0 100644 --- a/2009/2xxx/CVE-2009-2932.json +++ b/2009/2xxx/CVE-2009-2932.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090812 [DSECRG-09-033] SAP Netweaver UDDI - XSS Security Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505697/100/0/threaded" - }, - { - "name" : "http://www.dsecrg.com/pages/vul/show.php?id=133", - "refsource" : "MISC", - "url" : "http://www.dsecrg.com/pages/vul/show.php?id=133" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1322098", - "refsource" : "MISC", - "url" : "https://service.sap.com/sap/support/notes/1322098" - }, - { - "name" : "36034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36034" - }, - { - "name" : "57000", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57000" - }, - { - "name" : "1022731", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022731" - }, - { - "name" : "36228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36228" - }, - { - "name" : "netweaver-uddi-xss(52429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57000", + "refsource": "OSVDB", + "url": "http://osvdb.org/57000" + }, + { + "name": "http://www.dsecrg.com/pages/vul/show.php?id=133", + "refsource": "MISC", + "url": "http://www.dsecrg.com/pages/vul/show.php?id=133" + }, + { + "name": "netweaver-uddi-xss(52429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52429" + }, + { + "name": "20090812 [DSECRG-09-033] SAP Netweaver UDDI - XSS Security Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505697/100/0/threaded" + }, + { + "name": "1022731", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022731" + }, + { + "name": "https://service.sap.com/sap/support/notes/1322098", + "refsource": "MISC", + "url": "https://service.sap.com/sap/support/notes/1322098" + }, + { + "name": "36034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36034" + }, + { + "name": "36228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36228" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3381.json b/2009/3xxx/CVE-2009-3381.json index 147ffc9a5d8..81b1d4cf6dd 100644 --- a/2009/3xxx/CVE-2009-3381.json +++ b/2009/3xxx/CVE-2009-3381.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502168", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502168" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503196", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503196" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508057", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508057" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=513394", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=513394" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516709", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516709" - }, - { - "name" : "272909", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" - }, - { - "name" : "oval:org.mitre.oval:def:6495", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6495" - }, - { - "name" : "ADV-2009-3334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6495", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6495" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=502168", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=502168" + }, + { + "name": "272909", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=503196", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=503196" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516709", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516709" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=508057", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=508057" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=513394", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=513394" + }, + { + "name": "ADV-2009-3334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3334" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3647.json b/2009/3xxx/CVE-2009-3647.json index a046a8dd551..3a7ab5dd635 100644 --- a/2009/3xxx/CVE-2009-3647.json +++ b/2009/3xxx/CVE-2009-3647.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36413" - }, - { - "name" : "megafile-emaillinks-xss(53642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36413" + }, + { + "name": "megafile-emaillinks-xss(53642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53642" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3932.json b/2009/3xxx/CVE-2009-3932.json index ee486ebd9a3..848dbc3eea8 100644 --- a/2009/3xxx/CVE-2009-3932.json +++ b/2009/3xxx/CVE-2009-3932.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting \"SQL metadata into a bad state.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=26179", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=26179" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html" - }, - { - "name" : "36947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36947" - }, - { - "name" : "59743", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59743" - }, - { - "name" : "37273", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37273" - }, - { - "name" : "ADV-2009-3159", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting \"SQL metadata into a bad state.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html" + }, + { + "name": "59743", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59743" + }, + { + "name": "37273", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37273" + }, + { + "name": "ADV-2009-3159", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3159" + }, + { + "name": "36947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36947" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=26179", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=26179" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4348.json b/2009/4xxx/CVE-2009-4348.json index a4b6f31a6f2..ebec27591bc 100644 --- a/2009/4xxx/CVE-2009-4348.json +++ b/2009/4xxx/CVE-2009-4348.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10466", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10466" - }, - { - "name" : "37792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10466", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10466" + }, + { + "name": "37792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37792" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0010.json b/2015/0xxx/CVE-2015-0010.json index 461388f73c2..39a63c8769c 100644 --- a/2015/0xxx/CVE-2015-0010.json +++ b/2015/0xxx/CVE-2015-0010.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka \"CNG Security Feature Bypass Vulnerability\" or MSRC ID 20707." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=128", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=128" - }, - { - "name" : "MS15-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010" - }, - { - "name" : "72461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka \"CNG Security Feature Bypass Vulnerability\" or MSRC ID 20707." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010" + }, + { + "name": "72461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72461" + }, + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=128", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=128" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0388.json b/2015/0xxx/CVE-2015-0388.json index ed7ce4fb79d..09e813ffcec 100644 --- a/2015/0xxx/CVE-2015-0388.json +++ b/2015/0xxx/CVE-2015-0388.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72209" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - }, - { - "name" : "oracle-cpujan2015-cve20150388(100130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72209" + }, + { + "name": "oracle-cpujan2015-cve20150388(100130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100130" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0581.json b/2015/0xxx/CVE-2015-0581.json index 0fae12a4d1f..e8b86f27ff0 100644 --- a/2015/0xxx/CVE-2015-0581.json +++ b/2015/0xxx/CVE-2015-0581.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150128 Cisco Prime Service Catalog XML External Entity Processing Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee" - }, - { - "name" : "72350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72350" - }, - { - "name" : "1031658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150128 Cisco Prime Service Catalog XML External Entity Processing Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee" + }, + { + "name": "72350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72350" + }, + { + "name": "1031658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031658" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0816.json b/2015/0xxx/CVE-2015-0816.json index 0655591f4a6..3dda84d5d69 100644 --- a/2015/0xxx/CVE-2015-0816.json +++ b/2015/0xxx/CVE-2015-0816.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37958", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37958/" - }, - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3211", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3211" - }, - { - "name" : "DSA-3212", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3212" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "RHSA-2015:0766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0766.html" - }, - { - "name" : "RHSA-2015:0771", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0771.html" - }, - { - "name" : "SUSE-SU-2015:0704", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2015:1266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" - }, - { - "name" : "openSUSE-SU-2015:0892", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "USN-2552-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2552-1" - }, - { - "name" : "73461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73461" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - }, - { - "name" : "1032000", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "73461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73461" + }, + { + "name": "openSUSE-SU-2015:0892", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "DSA-3212", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3212" + }, + { + "name": "37958", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37958/" + }, + { + "name": "SUSE-SU-2015:0704", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" + }, + { + "name": "USN-2552-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2552-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991" + }, + { + "name": "RHSA-2015:0766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "openSUSE-SU-2015:1266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "1032000", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032000" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + }, + { + "name": "RHSA-2015:0771", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html" + }, + { + "name": "DSA-3211", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3211" + } + ] + } +} \ No newline at end of file diff --git a/2015/1000xxx/CVE-2015-1000004.json b/2015/1000xxx/CVE-2015-1000004.json index 6a00e550f98..9a378a64ea5 100644 --- a/2015/1000xxx/CVE-2015-1000004.json +++ b/2015/1000xxx/CVE-2015-1000004.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1000004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS in filedownload v1.4 wordpress plugin" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1000004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=140", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=140" - }, - { - "name" : "97107", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS in filedownload v1.4 wordpress plugin" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=140", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=140" + }, + { + "name": "97107", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97107" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1415.json b/2015/1xxx/CVE-2015-1415.json index 9331165719a..6bbc322967a 100644 --- a/2015/1xxx/CVE-2015-1415.json +++ b/2015/1xxx/CVE-2015-1415.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150407 FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535209/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html" - }, - { - "name" : "FreeBSD-SA-15:08", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc" - }, - { - "name" : "1032042", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032042", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032042" + }, + { + "name": "FreeBSD-SA-15:08", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc" + }, + { + "name": "20150407 FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535209/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1709.json b/2015/1xxx/CVE-2015-1709.json index c86c8a35596..5221c04a3fa 100644 --- a/2015/1xxx/CVE-2015-1709.json +++ b/2015/1xxx/CVE-2015-1709.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" - }, - { - "name" : "74512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74512" - }, - { - "name" : "1032282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032282" + }, + { + "name": "74512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74512" + }, + { + "name": "MS15-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1856.json b/2015/1xxx/CVE-2015-1856.json index 273992018a9..edaa7da37ba 100644 --- a/2015/1xxx/CVE-2015-1856.json +++ b/2015/1xxx/CVE-2015-1856.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20150414 [OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html" - }, - { - "name" : "https://bugs.launchpad.net/swift/+bug/1430645", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/swift/+bug/1430645" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "FEDORA-2015-12245", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html" - }, - { - "name" : "RHSA-2015:1681", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1681.html" - }, - { - "name" : "RHSA-2015:1684", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1684.html" - }, - { - "name" : "RHSA-2015:1845", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1845.html" - }, - { - "name" : "RHSA-2015:1846", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1846.html" - }, - { - "name" : "SUSE-SU-2015:1846", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" - }, - { - "name" : "USN-2704-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2704-1" - }, - { - "name" : "74182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1845", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html" + }, + { + "name": "https://bugs.launchpad.net/swift/+bug/1430645", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/swift/+bug/1430645" + }, + { + "name": "SUSE-SU-2015:1846", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" + }, + { + "name": "RHSA-2015:1846", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html" + }, + { + "name": "RHSA-2015:1681", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "USN-2704-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2704-1" + }, + { + "name": "74182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74182" + }, + { + "name": "FEDORA-2015-12245", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html" + }, + { + "name": "[openstack-announce] 20150414 [OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html" + }, + { + "name": "RHSA-2015:1684", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4030.json b/2015/4xxx/CVE-2015-4030.json index c94df2a550a..e6dc98fd53c 100644 --- a/2015/4xxx/CVE-2015-4030.json +++ b/2015/4xxx/CVE-2015-4030.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4030", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4030", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4223.json b/2015/4xxx/CVE-2015-4223.json index 93a99eeade3..c549fa3f3c0 100644 --- a/2015/4xxx/CVE-2015-4223.json +++ b/2015/4xxx/CVE-2015-4223.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150624 Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39509" - }, - { - "name" : "75399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75399" - }, - { - "name" : "1032715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032715" + }, + { + "name": "75399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75399" + }, + { + "name": "20150624 Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39509" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4450.json b/2015/4xxx/CVE-2015-4450.json index 5cdb5b13597..b47dbe2c9b9 100644 --- a/2015/4xxx/CVE-2015-4450.json +++ b/2015/4xxx/CVE-2015-4450.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-4450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75742" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75742" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4729.json b/2015/4xxx/CVE-2015-4729.json index 0c8512cc777..a818de4141a 100644 --- a/2015/4xxx/CVE-2015-4729.json +++ b/2015/4xxx/CVE-2015-4729.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "RHSA-2015:1241", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1241.html" - }, - { - "name" : "RHSA-2015:1242", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1242.html" - }, - { - "name" : "RHSA-2015:1485", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1485.html" - }, - { - "name" : "RHSA-2015:1488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1488.html" - }, - { - "name" : "SUSE-SU-2015:1319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" - }, - { - "name" : "SUSE-SU-2015:1320", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" - }, - { - "name" : "openSUSE-SU-2015:1288", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" - }, - { - "name" : "openSUSE-SU-2015:1289", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" - }, - { - "name" : "75892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75892" - }, - { - "name" : "1032910", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "1032910", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032910" + }, + { + "name": "RHSA-2015:1485", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html" + }, + { + "name": "75892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75892" + }, + { + "name": "openSUSE-SU-2015:1289", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "RHSA-2015:1242", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html" + }, + { + "name": "RHSA-2015:1488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html" + }, + { + "name": "SUSE-SU-2015:1319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" + }, + { + "name": "SUSE-SU-2015:1320", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" + }, + { + "name": "openSUSE-SU-2015:1288", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" + }, + { + "name": "RHSA-2015:1241", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4859.json b/2015/4xxx/CVE-2015-4859.json index 2dd9ccec387..1f035a803b7 100644 --- a/2015/4xxx/CVE-2015-4859.json +++ b/2015/4xxx/CVE-2015-4859.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Agent Next Gen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Agent Next Gen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033897" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5305.json b/2015/5xxx/CVE-2015-5305.json index bd276cf335c..428a6f461da 100644 --- a/2015/5xxx/CVE-2015-5305.json +++ b/2015/5xxx/CVE-2015-5305.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273969", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273969" - }, - { - "name" : "RHSA-2015:1945", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:1945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969" + }, + { + "name": "RHSA-2015:1945", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:1945" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2037.json b/2018/2xxx/CVE-2018-2037.json index 9638b5e0c78..031ada6a20e 100644 --- a/2018/2xxx/CVE-2018-2037.json +++ b/2018/2xxx/CVE-2018-2037.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2037", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2037", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2542.json b/2018/2xxx/CVE-2018-2542.json index f44ca952719..f0a11dd59fa 100644 --- a/2018/2xxx/CVE-2018-2542.json +++ b/2018/2xxx/CVE-2018-2542.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2542", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2542", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3160.json b/2018/3xxx/CVE-2018-3160.json index bf8e803b2ef..cc5f366057c 100644 --- a/2018/3xxx/CVE-2018-3160.json +++ b/2018/3xxx/CVE-2018-3160.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Cruise Shipboard Property Management System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC Admin, OHC Management). The supported version that is affected is 8.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Shipboard Property Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC Admin, OHC Management). The supported version that is affected is 8.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105632" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3167.json b/2018/3xxx/CVE-2018-3167.json index bf13d817c92..bc60e402e38 100644 --- a/2018/3xxx/CVE-2018-3167.json +++ b/2018/3xxx/CVE-2018-3167.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Management Pack for Oracle E-Business Suite", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Management Pack for Oracle E-Business Suite", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105627" - }, - { - "name" : "1041897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105627" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3744.json b/2018/3xxx/CVE-2018-3744.json index 1398c3c0123..8bb55010cdc 100644 --- a/2018/3xxx/CVE-2018-3744.json +++ b/2018/3xxx/CVE-2018-3744.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "html-pages node module", - "version" : { - "version_data" : [ - { - "version_value" : "Not fixed" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal: '.../...//' (CWE-35)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "html-pages node module", + "version": { + "version_data": [ + { + "version_value": "Not fixed" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/danielcardoso/html-pages/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/danielcardoso/html-pages/issues/2" - }, - { - "name" : "https://hackerone.com/reports/306607", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/306607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal: '.../...//' (CWE-35)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/306607", + "refsource": "MISC", + "url": "https://hackerone.com/reports/306607" + }, + { + "name": "https://github.com/danielcardoso/html-pages/issues/2", + "refsource": "MISC", + "url": "https://github.com/danielcardoso/html-pages/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3866.json b/2018/3xxx/CVE-2018-3866.json index 03843b470f5..589088a0a87 100644 --- a/2018/3xxx/CVE-2018-3866.json +++ b/2018/3xxx/CVE-2018-3866.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Samsung", - "version" : { - "version_data" : [ - { - "version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung", + "version": { + "version_data": [ + { + "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3972.json b/2018/3xxx/CVE-2018-3972.json index b704499427f..fd3db7204ed 100644 --- a/2018/3xxx/CVE-2018-3972.json +++ b/2018/3xxx/CVE-2018-3972.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-09-25T00:00:00", - "ID" : "CVE-2018-3972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Epee", - "version" : { - "version_data" : [ - { - "version_value" : "as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700)" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/sabelnikov" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-09-25T00:00:00", + "ID": "CVE-2018-3972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Epee", + "version": { + "version_data": [ + { + "version_value": "as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700)" + } + ] + } + } + ] + }, + "vendor_name": "https://github.com/sabelnikov" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html", - "refsource" : "MISC", - "url" : "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html" - }, - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637" + }, + { + "name": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html", + "refsource": "MISC", + "url": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3998.json b/2018/3xxx/CVE-2018-3998.json index 0be79ade340..c0431b054e8 100644 --- a/2018/3xxx/CVE-2018-3998.json +++ b/2018/3xxx/CVE-2018-3998.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlantis Word Processor", - "version" : { - "version_data" : [ - { - "version_value" : "3.2.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Atlantis Word Processor Team" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlantis Word Processor", + "version": { + "version_data": [ + { + "version_value": "3.2.5.0" + } + ] + } + } + ] + }, + "vendor_name": "The Atlantis Word Processor Team" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6403.json b/2018/6xxx/CVE-2018-6403.json index cb38bed18f3..b412698d70c 100644 --- a/2018/6xxx/CVE-2018-6403.json +++ b/2018/6xxx/CVE-2018-6403.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6403", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6403", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6485.json b/2018/6xxx/CVE-2018-6485.json index f7d9593c63d..49c3100f105 100644 --- a/2018/6xxx/CVE-2018-6485.json +++ b/2018/6xxx/CVE-2018-6485.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/878159", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/878159" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" - }, - { - "name" : "RHSA-2018:3092", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3092" - }, - { - "name" : "102912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" + }, + { + "name": "102912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102912" + }, + { + "name": "http://bugs.debian.org/878159", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/878159" + }, + { + "name": "RHSA-2018:3092", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3092" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6518.json b/2018/6xxx/CVE-2018-6518.json index 5e71baf5919..a6752528dc5 100644 --- a/2018/6xxx/CVE-2018-6518.json +++ b/2018/6xxx/CVE-2018-6518.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS", - "refsource" : "MISC", - "url" : "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS", + "refsource": "MISC", + "url": "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6540.json b/2018/6xxx/CVE-2018-6540.json index 4919c92a773..13a630b6326 100644 --- a/2018/6xxx/CVE-2018-6540.json +++ b/2018/6xxx/CVE-2018-6540.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gdraheim/zziplib/issues/15", - "refsource" : "MISC", - "url" : "https://github.com/gdraheim/zziplib/issues/15" - }, - { - "name" : "USN-3699-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3699-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3699-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3699-1/" + }, + { + "name": "https://github.com/gdraheim/zziplib/issues/15", + "refsource": "MISC", + "url": "https://github.com/gdraheim/zziplib/issues/15" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6849.json b/2018/6xxx/CVE-2018-6849.json index 76b03363d74..e8429dbfacd 100644 --- a/2018/6xxx/CVE-2018-6849.json +++ b/2018/6xxx/CVE-2018-6849.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44403", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44403/" - }, - { - "name" : "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html", - "refsource" : "MISC", - "url" : "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/pull/9538", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/pull/9538" - }, - { - "name" : "https://news.ycombinator.com/item?id=16699270", - "refsource" : "MISC", - "url" : "https://news.ycombinator.com/item?id=16699270" - }, - { - "name" : "https://voidsec.com/vpn-leak/", - "refsource" : "MISC", - "url" : "https://voidsec.com/vpn-leak/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rapid7/metasploit-framework/pull/9538", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/pull/9538" + }, + { + "name": "https://voidsec.com/vpn-leak/", + "refsource": "MISC", + "url": "https://voidsec.com/vpn-leak/" + }, + { + "name": "44403", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44403/" + }, + { + "name": "https://news.ycombinator.com/item?id=16699270", + "refsource": "MISC", + "url": "https://news.ycombinator.com/item?id=16699270" + }, + { + "name": "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html", + "refsource": "MISC", + "url": "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7007.json b/2018/7xxx/CVE-2018-7007.json index 0f888e2ce42..80ae2093bc3 100644 --- a/2018/7xxx/CVE-2018-7007.json +++ b/2018/7xxx/CVE-2018-7007.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7007", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7007", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7710.json b/2018/7xxx/CVE-2018-7710.json index c7a72126f91..a9499bc68fa 100644 --- a/2018/7xxx/CVE-2018-7710.json +++ b/2018/7xxx/CVE-2018-7710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7710", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7710", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7996.json b/2018/7xxx/CVE-2018-7996.json index a2618781c30..7901e9030ef 100644 --- a/2018/7xxx/CVE-2018-7996.json +++ b/2018/7xxx/CVE-2018-7996.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069", - "refsource" : "MISC", - "url" : "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069", + "refsource": "MISC", + "url": "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069" + } + ] + } +} \ No newline at end of file