From e008aa96f0f69d28b4ae5f28ed087e313e212018 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:22:01 +0000
Subject: [PATCH] "-Synchronized-Data."
---
1999/1xxx/CVE-1999-1558.json | 140 +++++++-------
2005/2xxx/CVE-2005-2323.json | 180 +++++++++---------
2005/2xxx/CVE-2005-2601.json | 140 +++++++-------
2005/2xxx/CVE-2005-2669.json | 170 ++++++++---------
2005/2xxx/CVE-2005-2879.json | 130 ++++++-------
2005/2xxx/CVE-2005-2897.json | 130 ++++++-------
2005/3xxx/CVE-2005-3391.json | 360 +++++++++++++++++------------------
2005/3xxx/CVE-2005-3705.json | 190 +++++++++---------
2005/3xxx/CVE-2005-3832.json | 200 +++++++++----------
2005/4xxx/CVE-2005-4073.json | 160 ++++++++--------
2005/4xxx/CVE-2005-4170.json | 200 +++++++++----------
2005/4xxx/CVE-2005-4196.json | 230 +++++++++++-----------
2009/2xxx/CVE-2009-2952.json | 150 +++++++--------
2009/3xxx/CVE-2009-3545.json | 140 +++++++-------
2009/3xxx/CVE-2009-3783.json | 160 ++++++++--------
2009/3xxx/CVE-2009-3864.json | 190 +++++++++---------
2009/4xxx/CVE-2009-4019.json | 330 ++++++++++++++++----------------
2009/4xxx/CVE-2009-4462.json | 180 +++++++++---------
2009/4xxx/CVE-2009-4983.json | 130 ++++++-------
2015/0xxx/CVE-2015-0358.json | 200 +++++++++----------
2015/0xxx/CVE-2015-0448.json | 130 ++++++-------
2015/0xxx/CVE-2015-0635.json | 130 ++++++-------
2015/1xxx/CVE-2015-1891.json | 34 ++--
2015/1xxx/CVE-2015-1964.json | 140 +++++++-------
2015/4xxx/CVE-2015-4194.json | 140 +++++++-------
2015/4xxx/CVE-2015-4215.json | 140 +++++++-------
2015/4xxx/CVE-2015-4631.json | 220 ++++++++++-----------
2015/5xxx/CVE-2015-5299.json | 340 ++++++++++++++++-----------------
2018/2xxx/CVE-2018-2002.json | 34 ++--
2018/2xxx/CVE-2018-2117.json | 34 ++--
2018/2xxx/CVE-2018-2175.json | 34 ++--
2018/3xxx/CVE-2018-3236.json | 182 +++++++++---------
2018/3xxx/CVE-2018-3362.json | 34 ++--
2018/3xxx/CVE-2018-3413.json | 34 ++--
2018/3xxx/CVE-2018-3760.json | 182 +++++++++---------
2018/6xxx/CVE-2018-6178.json | 172 ++++++++---------
2018/6xxx/CVE-2018-6312.json | 120 ++++++------
2018/6xxx/CVE-2018-6460.json | 130 ++++++-------
2018/7xxx/CVE-2018-7286.json | 170 ++++++++---------
2018/7xxx/CVE-2018-7296.json | 120 ++++++------
2018/7xxx/CVE-2018-7386.json | 34 ++--
41 files changed, 3132 insertions(+), 3132 deletions(-)
diff --git a/1999/1xxx/CVE-1999-1558.json b/1999/1xxx/CVE-1999-1558.json
index 87e375a9c98..6662cdccf03 100644
--- a/1999/1xxx/CVE-1999-1558.json
+++ b/1999/1xxx/CVE-1999-1558.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "I-071A", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/i-071a.shtml" - }, - { - "name" : "161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/161" - }, - { - "name" : "openvms-loginout-unauth-access(7151)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7151.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/161" + }, + { + "name": "openvms-loginout-unauth-access(7151)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7151.php" + }, + { + "name": "I-071A", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/i-071a.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2323.json b/2005/2xxx/CVE-2005-2323.json index 171a497aa7e..93e3568b262 100644 --- a/2005/2xxx/CVE-2005-2323.json +++ b/2005/2xxx/CVE-2005-2323.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html" - }, - { - "name" : "17921", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17921" - }, - { - "name" : "17922", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17922" - }, - { - "name" : "17923", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17923" - }, - { - "name" : "1014485", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014485" - }, - { - "name" : "1014486", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1014486" - }, - { - "name" : "16078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16078" + }, + { + "name": "17923", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17923" + }, + { + "name": "1014485", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014485" + }, + { + "name": "17921", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17921" + }, + { + "name": "1014486", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014486" + }, + { + "name": "http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html" + }, + { + "name": "17922", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17922" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2601.json b/2005/2xxx/CVE-2005-2601.json index 4ec8d287f43..b017bc81e99 100644 --- a/2005/2xxx/CVE-2005-2601.json +++ b/2005/2xxx/CVE-2005-2601.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://systemsecure.org/ssforum/viewtopic.php?t=30", - "refsource" : "MISC", - "url" : "http://systemsecure.org/ssforum/viewtopic.php?t=30" - }, - { - "name" : "14544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14544" - }, - { - "name" : "1014660", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14544" + }, + { + "name": "http://systemsecure.org/ssforum/viewtopic.php?t=30", + "refsource": "MISC", + "url": "http://systemsecure.org/ssforum/viewtopic.php?t=30" + }, + { + "name": "1014660", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014660" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2669.json b/2005/2xxx/CVE-2005-2669.json index 01a040b5f38..ac69fa284ca 100644 --- a/2005/2xxx/CVE-2005-2669.json +++ b/2005/2xxx/CVE-2005-2669.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919", - "refsource" : "MISC", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919" - }, - { - "name" : "14623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14623" - }, - { - "name" : "ADV-2005-1482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1482" - }, - { - "name" : "18917", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18917" - }, - { - "name" : "16513", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919", + "refsource": "MISC", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919" + }, + { + "name": "18917", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18917" + }, + { + "name": "http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp" + }, + { + "name": "16513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16513" + }, + { + "name": "14623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14623" + }, + { + "name": "ADV-2005-1482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1482" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2879.json b/2005/2xxx/CVE-2005-2879.json index e2083f6c3e2..8585a570222 100644 --- a/2005/2xxx/CVE-2005-2879.json +++ b/2005/2xxx/CVE-2005-2879.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050905 USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112606328118852&w=2" - }, - { - "name" : "http://www.shadock.net/secubox/.data/adv_usblock/", - "refsource" : "MISC", - "url" : "http://www.shadock.net/secubox/.data/adv_usblock/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050905 USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112606328118852&w=2" + }, + { + "name": "http://www.shadock.net/secubox/.data/adv_usblock/", + "refsource": "MISC", + "url": "http://www.shadock.net/secubox/.data/adv_usblock/" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2897.json b/2005/2xxx/CVE-2005-2897.json index eb678d28d44..024035453e4 100644 --- a/2005/2xxx/CVE-2005-2897.json +++ b/2005/2xxx/CVE-2005-2897.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050907 [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112611504519410&w=2" - }, - { - "name" : "16727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16727/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050907 [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112611504519410&w=2" + }, + { + "name": "16727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16727/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3391.json b/2005/3xxx/CVE-2005-3391.json index 02f30dee01d..86a672a5993 100644 --- a/2005/3xxx/CVE-2005-3391.json +++ b/2005/3xxx/CVE-2005-3391.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/release_4_4_1.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_4_4_1.php" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=303382", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303382" - }, - { - "name" : "APPLE-SA-2006-03-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" - }, - { - "name" : "GLSA-200511-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" - }, - { - "name" : "HPSBMA02159", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "SSRT061238", - "refsource" 
: "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "MDKSA-2006:035", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:035" - }, - { - "name" : "OpenPKG-SA-2005.027", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html" - }, - { - "name" : "SUSE-SA:2005:069", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/419504/100/0/threaded" - }, - { - "name" : "USN-232-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-232-1/" - }, - { - "name" : "TA06-062A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" - }, - { - "name" : "15411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15411" - }, - { - "name" : "16907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16907" - }, - { - "name" : "ADV-2005-2254", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2254" - }, - { - "name" : "ADV-2006-0791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0791" - }, - { - "name" : "ADV-2006-4320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4320" - }, - { - "name" : "20898", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20898" - }, - { - "name" : "17371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17371" - }, - { - "name" : "18054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18054" - }, - { - "name" : "18198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18198" - }, - { - "name" : "18763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18763" - }, - { - "name" : "19064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19064" - }, - { - "name" : "17510", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/17510" - }, - { - "name" : "22691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22691" - }, - { - "name" : "525", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22691" + }, + { + "name": "18198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18198" + }, + { + "name": "SSRT061238", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "HPSBMA02159", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "20898", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20898" + }, + { + "name": "525", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/525" + }, + { + "name": "19064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19064" + }, + { + "name": "18054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18054" + }, + { + "name": "ADV-2005-2254", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2254" + }, + { + "name": "16907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16907" + }, + { + "name": "17371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17371" + }, + { + "name": "ADV-2006-0791", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0791" + }, + { + "name": "ADV-2006-4320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4320" + }, + { + "name": "APPLE-SA-2006-03-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html" + }, + { + "name": "SUSE-SA:2005:069", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/419504/100/0/threaded" + }, + { + "name": "MDKSA-2006:035", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:035" + }, + { + "name": "18763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18763" + }, + { + "name": "http://www.php.net/release_4_4_1.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_4_4_1.php" + }, + { + "name": "TA06-062A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" + }, + { + "name": "15411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15411" + }, + { + "name": "17510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17510" + }, + { + "name": "OpenPKG-SA-2005.027", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html" + }, + { + "name": "GLSA-200511-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" + }, + { + "name": "USN-232-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-232-1/" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303382", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303382" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3705.json b/2005/3xxx/CVE-2005-3705.json index ba08c7afc2f..d75a37bf07d 100644 --- a/2005/3xxx/CVE-2005-3705.json +++ b/2005/3xxx/CVE-2005-3705.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-11-29", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=302847" - }, - { - "name" : "15647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15647" - }, - { - "name" : "29011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29011" - }, - { - "name" : "ADV-2005-2659", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2659" - }, - { - "name" : "21276", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21276" - }, - { - "name" : "1015294", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015294" - }, - { - "name" : "17813", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/17813" - }, - { - "name" : "safari-webkit-code-execution(23342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17813" + }, + { + "name": "ADV-2005-2659", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2659" + }, + { + "name": "safari-webkit-code-execution(23342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23342" + }, + { + "name": "21276", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21276" + }, + { + "name": "1015294", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015294" + }, + { + "name": "APPLE-SA-2005-11-29", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=302847" + }, + { + "name": "29011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29011" + }, + { + "name": "15647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15647" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3832.json b/2005/3xxx/CVE-2005-3832.json index 64b04dc3ec2..3449618deff 100644 --- a/2005/3xxx/CVE-2005-3832.json +++ b/2005/3xxx/CVE-2005-3832.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051124 Secunia Research: SpeedProject Products ZIP/UUE File ExtractionBuffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417588/30/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-60/advisory", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-60/advisory" - }, - { - "name" : "ADV-2005-2570", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2570" - }, - { - "name" : "21073", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21073" - }, - { - "name" : "1015265", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1015265" - }, - { - "name" : "1015266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015266" - }, - { - "name" : "1015267", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015267" - }, - { - "name" : "17420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17420" - }, - { - "name" : "204", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2005-60/advisory", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-60/advisory" + }, + { + "name": "1015265", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015265" + }, + { + "name": "ADV-2005-2570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2570" + }, + { + "name": "1015267", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015267" + }, + { + "name": "20051124 Secunia Research: SpeedProject Products ZIP/UUE File ExtractionBuffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417588/30/0/threaded" + }, + { + "name": "204", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/204" + }, + { + "name": "21073", + "refsource": 
"OSVDB", + "url": "http://www.osvdb.org/21073" + }, + { + "name": "17420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17420" + }, + { + "name": "1015266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015266" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4073.json b/2005/4xxx/CVE-2005-4073.json index b627914299c..f9788a3ce2b 100644 --- a/2005/4xxx/CVE-2005-4073.json +++ b/2005/4xxx/CVE-2005-4073.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/magic-list-pro-25-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/magic-list-pro-25-sql-inj-vuln.html" - }, - { - "name" : "15774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15774" - }, - { - "name" : "ADV-2005-2793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2793" - }, - { - "name" : "21504", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21504" - }, - { - "name" : "17937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17937" + }, + { + "name": "ADV-2005-2793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2793" + }, + { + "name": "21504", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21504" + }, + { + "name": "15774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15774" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/magic-list-pro-25-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/magic-list-pro-25-sql-inj-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4170.json b/2005/4xxx/CVE-2005-4170.json index e1f9cb1860b..c3e83dc7cfc 100644 --- a/2005/4xxx/CVE-2005-4170.json +++ b/2005/4xxx/CVE-2005-4170.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051125 eFiction <= 2.0 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html" - }, - { - "name" : "http://rgod.altervista.org/efiction2_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/efiction2_xpl.html" - }, - { - "name" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555", - "refsource" : "CONFIRM", - "url" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555" - }, - { - "name" : "15568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15568" - }, - { - "name" : "ADV-2005-2606", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2606" - }, - { - "name" : "21122", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/21122" - }, - { - "name" : "1015273", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015273" - }, - { - "name" : "17777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17777" - }, - { - "name" : "efiction-multiple-scripts-sql-injection(23373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "efiction-multiple-scripts-sql-injection(23373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23373" + }, + { + "name": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555", + "refsource": "CONFIRM", + "url": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555" + }, + { + "name": "21122", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21122" + }, + { + "name": "15568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15568" + }, + { + "name": "ADV-2005-2606", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2606" + }, + { + "name": "http://rgod.altervista.org/efiction2_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/efiction2_xpl.html" + }, + { + "name": "17777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17777" + }, + { + "name": "1015273", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015273" + }, + { + "name": "20051125 eFiction <= 2.0 multiple vulnerabilities", + 
"refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4196.json b/2005/4xxx/CVE-2005-4196.json index 6d15f22ea59..4e05c0b3ea0 100644 --- a/2005/4xxx/CVE-2005-4196.json +++ b/2005/4xxx/CVE-2005-4196.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt", - "refsource" : "MISC", - "url" : "http://www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt" - }, - { - "name" : "15818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15818" - }, - { - "name" : "ADV-2005-2844", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2844" - }, - { - "name" : "21630", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21630" - }, - { - "name" : "21631", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21631" - }, - { - "name" : "21632", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21632" - }, - { - "name" : "21633", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21633" - }, - { - "name" : "21634", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21634" - }, - { - "name" : "21635", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21635" - }, - { - "name" : "21636", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21636" - }, - { - "name" : "17979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17979" - }, - { - "name" : "scoutportal-xss(23545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21635", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21635" + }, + { + "name": "ADV-2005-2844", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2844" + }, + { + "name": "15818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15818" + }, + { + "name": "21633", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21633" + }, + { + "name": "17979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17979" + }, + { + "name": "21634", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21634" + }, + { + "name": "http://www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt", + "refsource": "MISC", + "url": "http://www.x-illusion.com/rs/Scout%20Portal%20Toolkit.txt" + }, + { + "name": "21632", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21632" + }, + { + "name": "21636", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21636" + }, + { + "name": "scoutportal-xss(23545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23545" + }, + { + "name": 
"21631", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21631" + }, + { + "name": "21630", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21630" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2952.json b/2009/2xxx/CVE-2009-2952.json index cc5bba86d92..c264fe48ca5 100644 --- a/2009/2xxx/CVE-2009-2952.json +++ b/2009/2xxx/CVE-2009-2952.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-09-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-09-1" - }, - { - "name" : "265248", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265248-1" - }, - { - "name" : "36106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36106" - }, - { - "name" : "oval:org.mitre.oval:def:6392", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6392", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6392" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-09-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-09-1" + }, + { + "name": "265248", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265248-1" + }, + { + "name": "36106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36106" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3545.json b/2009/3xxx/CVE-2009-3545.json index cb307242123..f081a9f6d81 100644 --- a/2009/3xxx/CVE-2009-3545.json +++ b/2009/3xxx/CVE-2009-3545.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9664", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9664" - }, - { - "name" : "36391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36391" - }, - { - "name" : "ADV-2009-2655", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2655", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2655" + }, + { + "name": "9664", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9664" + }, + { + "name": "36391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36391" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3783.json b/2009/3xxx/CVE-2009-3783.json index c98f45f55ad..9ce75e736ba 100644 --- a/2009/3xxx/CVE-2009-3783.json +++ b/2009/3xxx/CVE-2009-3783.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/590098", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/590098" - }, - { - "name" : "http://drupal.org/node/611002", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/611002" - }, - { - "name" : "36790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36790" - }, - { - "name" : "37128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37128" - }, - { - "name" : "simplenews-unspecified-xss(53905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37128" + }, + { + "name": "http://drupal.org/node/611002", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/611002" + }, + { + "name": "http://drupal.org/node/590098", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/590098" + }, + { + "name": "36790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36790" + }, + { + "name": "simplenews-unspecified-xss(53905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53905" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3864.json b/2009/3xxx/CVE-2009-3864.json index df5d338d2d8..69de7e3c1b6 100644 --- a/2009/3xxx/CVE-2009-3864.json +++ b/2009/3xxx/CVE-2009-3864.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/javase/6/webnotes/6u17.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u17.html" - }, - { - "name" : "269868", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1" - }, - { - "name" : "SUSE-SA:2009:058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" - }, - { - "name" : "36881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36881" - }, - { - "name" : 
"oval:org.mitre.oval:def:6753", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753" - }, - { - "name" : "37231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37231" - }, - { - "name" : "37239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37239" - }, - { - "name" : "ADV-2009-3131", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36881" + }, + { + "name": "37231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37231" + }, + { + "name": "SUSE-SA:2009:058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" + }, + { + "name": "ADV-2009-3131", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3131" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u17.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u17.html" + }, + { + "name": "37239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37239" + }, + { + "name": "269868", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1" + }, + { + "name": "oval:org.mitre.oval:def:6753", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4019.json b/2009/4xxx/CVE-2009-4019.json index 7774dcacb1c..4169e02c36f 100644 --- a/2009/4xxx/CVE-2009-4019.json +++ b/2009/4xxx/CVE-2009-4019.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091121 CVE Request - MySQL - 5.0.88", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125881733826437&w=2" - }, - { - "name" : "[oss-security] 20091121 Re: CVE Request - MySQL - 5.0.88", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125883754215621&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: CVE Request - MySQL - 5.0.88", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125901161824278&w=2" - }, - { - "name" : 
"http://bugs.mysql.com/47780", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/47780" - }, - { - "name" : "http://bugs.mysql.com/48291", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/48291" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=540906", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=540906" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-1997", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1997" - }, - { - "name" : "FEDORA-2009-12180", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html" - }, - { - "name" : "RHSA-2010:0109", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0109.html" - }, - { - "name" : "SUSE-SR:2010:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" - }, - { - "name" : "USN-897-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-897-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "oval:org.mitre.oval:def:11349", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349" - }, - { - "name" : 
"oval:org.mitre.oval:def:8500", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500" - }, - { - "name" : "37717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37717" - }, - { - "name" : "38573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38573" - }, - { - "name" : "38517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38517" - }, - { - "name" : "ADV-2010-1107", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38573" + }, + { + "name": "http://bugs.mysql.com/48291", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/48291" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "[oss-security] 20091123 Re: CVE Request - MySQL - 5.0.88", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125901161824278&w=2" + }, + { + "name": "38517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38517" + }, + { + "name": "RHSA-2010:0109", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html" + }, + { + "name": "ADV-2010-1107", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1107" + }, + { + "name": "FEDORA-2009-12180", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00764.html" + }, + { + "name": "USN-897-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-897-1" + }, + { + "name": "SUSE-SR:2010:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=540906", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540906" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html", + 
"refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html" + }, + { + "name": "oval:org.mitre.oval:def:11349", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11349" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "[oss-security] 20091121 CVE Request - MySQL - 5.0.88", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125881733826437&w=2" + }, + { + "name": "37717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37717" + }, + { + "name": "[oss-security] 20091121 Re: CVE Request - MySQL - 5.0.88", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125883754215621&w=2" + }, + { + "name": "http://bugs.mysql.com/47780", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/47780" + }, + { + "name": "oval:org.mitre.oval:def:8500", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8500" + }, + { + "name": "DSA-1997", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1997" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4462.json b/2009/4xxx/CVE-2009-4462.json index 3aa7c29418a..2a0f8615f90 100644 --- a/2009/4xxx/CVE-2009-4462.json +++ b/2009/4xxx/CVE-2009-4462.json 
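Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` at the top of the CVE-2009-4019 hunk appears to be the only value that changes in the record, yet it is buried in a whole-file rewrite that also changes key spacing and indentation and reorders all 22 `reference_data` entries, so the provenance change cannot be audited from a line diff. The hunks for CVE-2015-0358, CVE-2015-0448, CVE-2015-0635, CVE-2015-1964 and CVE-2015-4194 change `ASSIGNER` inside the same kind of rewrite. I would land the formatting normalisation as its own commit and have the generator emit `reference_data` in a stable order (for example sorted by `refsource`, then `name`), so that later syncs show only real data changes. The new side of every file also ends with `\ No newline at end of file`; writing a trailing newline would keep the records friendly to line-based tools.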
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091214 Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508449/100/0/threaded" - }, - { - "name" : "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1", - "refsource" : "MISC", - "url" : "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1" - }, - { - "name" : "http://blog.48bits.com/2009/12/12/exposing-hms-hicp-protocol-0day-light/", - "refsource" : "MISC", - "url" : "http://blog.48bits.com/2009/12/12/exposing-hms-hicp-protocol-0day-light/" - }, - { - "name" : 
"http://support.intellicom.se/getfile.cfm?FID=150&FPID=85", - "refsource" : "CONFIRM", - "url" : "http://support.intellicom.se/getfile.cfm?FID=150&FPID=85" - }, - { - "name" : "VU#181737", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/181737" - }, - { - "name" : "37325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37325" - }, - { - "name" : "ADV-2009-3542", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#181737", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/181737" + }, + { + "name": "37325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37325" + }, + { + "name": "ADV-2009-3542", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3542" + }, + { + "name": "http://blog.48bits.com/2009/12/12/exposing-hms-hicp-protocol-0day-light/", + "refsource": "MISC", + "url": "http://blog.48bits.com/2009/12/12/exposing-hms-hicp-protocol-0day-light/" + }, + { + "name": "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1", + "refsource": "MISC", + "url": "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1" + }, + { + "name": "http://support.intellicom.se/getfile.cfm?FID=150&FPID=85", + "refsource": "CONFIRM", + "url": "http://support.intellicom.se/getfile.cfm?FID=150&FPID=85" + }, 
+ { + "name": "20091214 Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508449/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4983.json b/2009/4xxx/CVE-2009-4983.json index ba88c6fa910..b74b78a4be5 100644 --- a/2009/4xxx/CVE-2009-4983.json +++ b/2009/4xxx/CVE-2009-4983.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/silurus-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/silurus-xss.txt" - }, - { - "name" : "36124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to 
search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0908-exploits/silurus-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/silurus-xss.txt" + }, + { + "name": "36124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36124" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0358.json b/2015/0xxx/CVE-2015-0358.json index b5e04fa65ca..4025cdeedae 100644 --- a/2015/0xxx/CVE-2015-0358.json +++ b/2015/0xxx/CVE-2015-0358.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" - }, - { - "name" : "GLSA-201504-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-07" - }, - { - "name" : "RHSA-2015:0813", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0813.html" - }, - { - "name" : "SUSE-SU-2015:0722", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" - }, - { - "name" : 
"SUSE-SU-2015:0723", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" - }, - { - "name" : "openSUSE-SU-2015:0718", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0725", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" - }, - { - "name" : "74064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74064" - }, - { - "name" : "1032105", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0718", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" + }, + { + "name": "SUSE-SU-2015:0722", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" + }, + { + "name": "GLSA-201504-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-07" + }, + { + "name": "1032105", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032105" + }, + { + "name": "RHSA-2015:0813", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0813.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" + }, + { + "name": "openSUSE-SU-2015:0725", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" + }, + { + "name": "74064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74064" + }, + { + "name": "SUSE-SU-2015:0723", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0448.json b/2015/0xxx/CVE-2015-0448.json index 379446f4c87..4a59a1da43c 100644 --- a/2015/0xxx/CVE-2015-0448.json +++ b/2015/0xxx/CVE-2015-0448.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032132" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0635.json b/2015/0xxx/CVE-2015-0635.json index 85b47cf1d54..ec557f1507d 100644 --- a/2015/0xxx/CVE-2015-0635.json +++ b/2015/0xxx/CVE-2015-0635.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150325 Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani" - }, - { - "name" : "1031982", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150325 Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani" + }, + { + "name": "1031982", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031982" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1891.json b/2015/1xxx/CVE-2015-1891.json index 23f45f40e5f..e8f6abfef44 100644 --- a/2015/1xxx/CVE-2015-1891.json +++ b/2015/1xxx/CVE-2015-1891.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1964.json b/2015/1xxx/CVE-2015-1964.json index 6e62072a17f..0a98fb336a3 100644 --- a/2015/1xxx/CVE-2015-1964.json +++ b/2015/1xxx/CVE-2015-1964.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1965." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" - }, - { - "name" : "75457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75457" - }, - { - "name" : "1032773", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1965." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032773", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032773" + }, + { + "name": "75457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75457" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4194.json b/2015/4xxx/CVE-2015-4194.json index 730df8c894d..a5b82559472 100644 --- a/2015/4xxx/CVE-2015-4194.json +++ b/2015/4xxx/CVE-2015-4194.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150618 Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39420" - }, - { - "name" : "75296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75296" - }, - { - "name" : "1032660", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150618 Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39420" + }, + { + "name": "75296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75296" + }, + { + "name": "1032660", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032660" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4215.json b/2015/4xxx/CVE-2015-4215.json index b62b0f94d75..38957ea8d75 100644 --- a/2015/4xxx/CVE-2015-4215.json +++ b/2015/4xxx/CVE-2015-4215.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150623 Cisco Wireless LAN Controller IPv6 Packet Handling Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39472" - }, - { - "name" : "75369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75369" - }, - { - "name" : "1032697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices with software 
7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75369" + }, + { + "name": "1032697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032697" + }, + { + "name": "20150623 Cisco Wireless LAN Controller IPv6 Packet Handling Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39472" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4631.json b/2015/4xxx/CVE-2015-4631.json index b882e1d6a4e..13d4b29eaa7 100644 --- a/2015/4xxx/CVE-2015-4631.json +++ b/2015/4xxx/CVE-2015-4631.json 
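Review bot: The only data change in this hunk is `"ASSIGNER": "psirt@cisco.com"` replacing `cve@mitre.org`, and it is hard to spot because every line is also rewritten for separator spacing (`" : "` to `": "`) and the three `reference_data` entries are reordered with no change to their content. Anyone tracking the provenance of CVE records would want the assigner change reviewable on its own, so the export should use a stable serialization (a deterministic `reference_data` order, for example sorted by `url`) or the reformat should land in a separate commit. The new file also ends with `\ No newline at end of file`; writing a final newline would keep later diffs from touching the closing `}`. The hunks for CVE-2015-1964, CVE-2015-4194 and CVE-2015-5299 show the same pattern, with `psirt@us.ibm.com`, `psirt@cisco.com` and `secalert@redhat.com` as the new assigners.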
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37389", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37389/" - }, - { - "name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2015/Jun/80" - }, - { - "name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html" - }, - { - "name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", - "refsource" : "MISC", - "url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/" - }, - { - "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416", - "refsource" : "CONFIRM", - "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416" - }, - { - "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418", - "refsource" : "CONFIRM", - "url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418" - }, - { - "name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", - "refsource" : "CONFIRM", - "url" : 
"https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423" - }, - { - "name" : "https://koha-community.org/koha-3-14-16-released/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/koha-3-14-16-released/" - }, - { - "name" : "https://koha-community.org/security-release-koha-3-16-12/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/security-release-koha-3-16-12/" - }, - { - "name" : "https://koha-community.org/security-release-koha-3-18-8/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/security-release-koha-3-18-8/" - }, - { - "name" : "https://koha-community.org/security-release-koha-3-20-1/", - "refsource" : "CONFIRM", - "url" : "https://koha-community.org/security-release-koha-3-20-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html" + }, + { + "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418", + "refsource": "CONFIRM", + "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14418" + }, + { + "name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/", + "refsource": "MISC", + "url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/" + }, + { + "name": "37389", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37389/" + }, + { + "name": "https://koha-community.org/security-release-koha-3-16-12/", + "refsource": "CONFIRM", + "url": "https://koha-community.org/security-release-koha-3-16-12/" + }, + { + "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423", + "refsource": "CONFIRM", + "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423" + }, + { + "name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2015/Jun/80" + }, + { + "name": "https://koha-community.org/security-release-koha-3-18-8/", + "refsource": "CONFIRM", + "url": "https://koha-community.org/security-release-koha-3-18-8/" + }, + { + "name": "https://koha-community.org/security-release-koha-3-20-1/", + "refsource": "CONFIRM", + "url": 
"https://koha-community.org/security-release-koha-3-20-1/" + }, + { + "name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416", + "refsource": "CONFIRM", + "url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14416" + }, + { + "name": "https://koha-community.org/koha-3-14-16-released/", + "refsource": "CONFIRM", + "url": "https://koha-community.org/koha-3-14-16-released/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5299.json b/2015/5xxx/CVE-2015-5299.json index ae9505a30c2..69d178920cb 100644 --- a/2015/5xxx/CVE-2015-5299.json +++ b/2015/5xxx/CVE-2015-5299.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1276126", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1276126" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=675fd8d771f9d43e354dba53ddd9b5483ae0a1d7", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=675fd8d771f9d43e354dba53ddd9b5483ae0a1d7" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2015-5299.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2015-5299.html" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3433" - }, - { - "name" : "FEDORA-2015-0e0879cc8a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html" - }, - { - "name" : "FEDORA-2015-b36076d32e", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html" - }, - { - "name" : "GLSA-201612-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-47" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "SUSE-SU-2015:2304", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" - }, - { - "name" : "SUSE-SU-2015:2305", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:0032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:2354", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" - }, - { - "name" : "openSUSE-SU-2015:2356", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:0164", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" - }, - { - "name" : "USN-2855-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-2" - }, - { - "name" : "USN-2855-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-1" - }, - { - "name" : "79729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79729" - }, - { - "name" : "1034493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-0e0879cc8a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "USN-2855-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2855-2" + }, + { + "name": "SUSE-SU-2016:0032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" + }, + { + "name": "SUSE-SU-2015:2304", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "SUSE-SU-2015:2305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" + }, + { + "name": "79729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79729" + }, + { + "name": "SUSE-SU-2016:0164", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" + }, + { + "name": "openSUSE-SU-2015:2354", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" + }, + { + "name": "FEDORA-2015-b36076d32e", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=675fd8d771f9d43e354dba53ddd9b5483ae0a1d7", + "refsource": "CONFIRM", + "url": 
"https://git.samba.org/?p=samba.git;a=commit;h=675fd8d771f9d43e354dba53ddd9b5483ae0a1d7" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + }, + { + "name": "1034493", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034493" + }, + { + "name": "DSA-3433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3433" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2015-5299.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2015-5299.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "GLSA-201612-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-47" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1276126", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276126" + }, + { + "name": "USN-2855-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2855-1" + }, + { + "name": "openSUSE-SU-2015:2356", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2002.json b/2018/2xxx/CVE-2018-2002.json index a36038dab7b..a2c5d895c49 100644 --- a/2018/2xxx/CVE-2018-2002.json 
+++ b/2018/2xxx/CVE-2018-2002.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2002", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-2002", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2117.json b/2018/2xxx/CVE-2018-2117.json index 0f25cb4a916..36561e43fdd 100644 --- a/2018/2xxx/CVE-2018-2117.json +++ b/2018/2xxx/CVE-2018-2117.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2117", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2117", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2175.json b/2018/2xxx/CVE-2018-2175.json index 926b9cebe5b..4895f288024 100644 --- a/2018/2xxx/CVE-2018-2175.json +++ b/2018/2xxx/CVE-2018-2175.json 
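Review bot: Key order in this rewritten record differs from the other records in the same commit: the top-level object now starts with `data_type`, `data_format`, `data_version`, and `CVE_data_meta` lists `ID` before `ASSIGNER`, while the CVE-2018-2002 hunk just above keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON key order carries no meaning, so a conforming parser is unaffected, but the difference suggests two serializers wrote these files, and tooling that hashes or byte-compares records will report spurious changes. Emitting keys in one canonical order (sorted, as the other files appear to be) would remove the inconsistency. The CVE-2018-2175 hunk has the same ordering.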
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2175", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2175", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3236.json b/2018/3xxx/CVE-2018-3236.json index 5e412224fdc..1b08c3b97f1 100644 --- a/2018/3xxx/CVE-2018-3236.json +++ b/2018/3xxx/CVE-2018-3236.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "User Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle User Management accessible data as well as unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle User Management accessible data as well as unauthorized access to critical data or complete access to all Oracle User Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "User Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105620" - }, - { - "name" : "1041897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle User Management accessible data as well as unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle User Management accessible data as well as unauthorized access to critical data or complete access to all Oracle User Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105620" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3362.json b/2018/3xxx/CVE-2018-3362.json index 3db1dd9b414..549bb02e9f3 100644 --- a/2018/3xxx/CVE-2018-3362.json +++ b/2018/3xxx/CVE-2018-3362.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3362", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3362", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3413.json b/2018/3xxx/CVE-2018-3413.json index 2886ce7ddeb..a1b406c0d72 100644 --- a/2018/3xxx/CVE-2018-3413.json +++ b/2018/3xxx/CVE-2018-3413.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3413", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3413", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3760.json b/2018/3xxx/CVE-2018-3760.json index 216e44fed68..0f1cb835e3a 100644 --- a/2018/3xxx/CVE-2018-3760.json +++ b/2018/3xxx/CVE-2018-3760.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-06-19T00:00:00", - "ID" : "CVE-2018-3760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sprockets", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.0.beta8, 3.7.2, 2.12.5" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-06-19T00:00:00", + "ID": "CVE-2018-3760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sprockets", + "version": { + "version_data": [ + { + "version_value": "4.0.0.beta8, 3.7.2, 2.12.5" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5fhttps://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5", - "refsource" : "MISC", - "url" : "https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5fhttps://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5" - }, - { - "name" : "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ" - }, - { - "name" : "DSA-4242", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4242" - }, - { - "name" : "RHSA-2018:2244", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2244" - }, - { - "name" : "RHSA-2018:2245", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2245" - }, - { - "name" : "RHSA-2018:2561", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2561" - }, - { - "name" : "RHSA-2018:2745", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2745" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5fhttps://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5", + "refsource": "MISC", + "url": "https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5fhttps://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5" + }, + { + "name": "RHSA-2018:2745", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2745" + }, + { + "name": "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ" + }, + { + "name": "RHSA-2018:2244", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2244" + }, + { + "name": "RHSA-2018:2561", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2561" + }, + { + "name": "RHSA-2018:2245", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2018:2245" + }, + { + "name": "DSA-4242", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4242" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6178.json b/2018/6xxx/CVE-2018-6178.json index dfe03a986f3..accff1b380b 100644 --- a/2018/6xxx/CVE-2018-6178.json +++ b/2018/6xxx/CVE-2018-6178.json 
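Review bot: The first `reference_data` entry for CVE-2018-3760 holds three GitHub commit URLs fused into one `name`/`url` string, and the re-indentation carries it over unchanged. The value is not a usable link as written, so tools that fetch or deduplicate references by URL will miss all three fix commits. Splitting it into three `MISC` entries, one per commit, as below, would restore them. Separately, `version_value` is `"4.0.0.beta8, 3.7.2, 2.12.5"` while the description gives the affected ranges as 4.0.0.beta7, 3.7.1 and 2.12.4 and lower, so the structured field appears to list the fixed releases and would mislead automated version matching. `vendor_name` is `"HackerOne"`, which matches the assigner address rather than the Sprockets project.

```json
"reference_data": [
    {
        "name": "https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f",
        "refsource": "MISC",
        "url": "https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f"
    },
    {
        "name": "https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441",
        "refsource": "MISC",
        "url": "https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441"
    },
    {
        "name": "https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5",
        "refsource": "MISC",
        "url": "https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5"
    },
```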
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "68.0.3440.75" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect security UI" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "68.0.3440.75" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/823194", - "refsource" : "MISC", - "url" : "https://crbug.com/823194" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4256", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4256" - }, - { - "name" : "GLSA-201808-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-01" - }, - { - "name" : 
"RHSA-2018:2282", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2282" - }, - { - "name" : "104887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect security UI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:2282", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2282" + }, + { + "name": "GLSA-201808-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-01" + }, + { + "name": "DSA-4256", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4256" + }, + { + "name": "104887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104887" + }, + { + "name": "https://crbug.com/823194", + "refsource": "MISC", + "url": "https://crbug.com/823194" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6312.json b/2018/6xxx/CVE-2018-6312.json index d8edbdcc8e9..88dc6a3c275 100644 --- a/2018/6xxx/CVE-2018-6312.json +++ b/2018/6xxx/CVE-2018-6312.json 
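Review bot: `ASSIGNER` for CVE-2018-6178 changes from `chrome-cve-admin@google.com` to `security@google.com` in this hunk, and the commit subject does not mention it. It is the only value that changes; every other line is only re-indented or reordered. Anything that attributes records to a CNA by this address will see the record move, so if the change is intended it is worth stating in the commit message, e.g. `Update ASSIGNER for Chrome records to security@google.com`. The `reference_data` entries are also reordered, so consumers should pick the vendor advisory by `refsource` (`CONFIRM`), not by array position.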
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/DrmnSamoLiu/cd1d6fa59501f161616686296aa4a6c8", - "refsource" : "MISC", - "url" : "https://gist.github.com/DrmnSamoLiu/cd1d6fa59501f161616686296aa4a6c8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to 
turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/DrmnSamoLiu/cd1d6fa59501f161616686296aa4a6c8", + "refsource": "MISC", + "url": "https://gist.github.com/DrmnSamoLiu/cd1d6fa59501f161616686296aa4a6c8" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6460.json b/2018/6xxx/CVE-2018-6460.json index f0207ceebae..945def27dc9 100644 --- a/2018/6xxx/CVE-2018-6460.json +++ b/2018/6xxx/CVE-2018-6460.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44042", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44042/" - }, - { - "name" : "https://blogs.securiteam.com/index.php/archives/3604", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/3604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.securiteam.com/index.php/archives/3604", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/3604" + }, + { + "name": "44042", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44042/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/7xxx/CVE-2018-7286.json b/2018/7xxx/CVE-2018-7286.json index ac83694354c..b659a6d815f 100644 --- a/2018/7xxx/CVE-2018-7286.json +++ b/2018/7xxx/CVE-2018-7286.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44181", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44181/" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2018-005.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2018-005.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-27618", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-27618" - }, - { - "name" : "DSA-4320", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4320" - }, - { - "name" : 
"103129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103129" - }, - { - "name" : "1040417", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4320", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4320" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-27618", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-27618" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2018-005.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2018-005.html" + }, + { + "name": "44181", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44181/" + }, + { + "name": "1040417", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040417" + }, + { + "name": "103129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103129" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7296.json b/2018/7xxx/CVE-2018-7296.json index 278165be469..713b9a7d841 100644 --- a/2018/7xxx/CVE-2018-7296.json +++ b/2018/7xxx/CVE-2018-7296.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://atomic111.github.io/article/homematic-ccu2-fileread", - "refsource" : "MISC", - "url" : "http://atomic111.github.io/article/homematic-ccu2-fileread" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. 
This vulnerability can be exploited by unauthenticated attackers with access to the web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://atomic111.github.io/article/homematic-ccu2-fileread", + "refsource": "MISC", + "url": "http://atomic111.github.io/article/homematic-ccu2-fileread" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7386.json b/2018/7xxx/CVE-2018-7386.json index df674462983..30d23ff2031 100644 --- a/2018/7xxx/CVE-2018-7386.json +++ b/2018/7xxx/CVE-2018-7386.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file