diff --git a/2005/0xxx/CVE-2005-0288.json b/2005/0xxx/CVE-2005-0288.json index cfaa24fe626..84ca300acca 100644 --- a/2005/0xxx/CVE-2005-0288.json +++ b/2005/0xxx/CVE-2005-0288.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050110 Portcullis Security Advisory 05-008", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110549684319400&w=2" - }, - { - "name" : "12231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12231" - }, - { - "name" : "1012854", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012854" - }, - { - "name" : "13821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13821" - }, - { - "name" : "webseries-pa-password-gain-access(18860)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1012854", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012854" + }, + { + "name": "webseries-pa-password-gain-access(18860)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18860" + }, + { + "name": "20050110 Portcullis Security Advisory 05-008", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110549684319400&w=2" + }, + { + "name": "12231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12231" + }, + { + "name": "13821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13821" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0466.json b/2005/0xxx/CVE-2005-0466.json index f450d8911b9..dd95fc06c95 100644 --- a/2005/0xxx/CVE-2005-0466.json +++ b/2005/0xxx/CVE-2005-0466.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0466", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0466", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0776.json b/2005/0xxx/CVE-2005-0776.json index 1dc99f1ac8b..ca305edf397 100644 --- a/2005/0xxx/CVE-2005-0776.json +++ b/2005/0xxx/CVE-2005-0776.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111065868402859&w=2" - }, - { - "name" : "12779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12779" - }, - { - "name" : "14576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14576" - }, - { - "name" : "photopost-image-modification(19677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12779" + }, + { + "name": "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111065868402859&w=2" + }, + { + "name": "photopost-image-modification(19677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19677" + }, + { + "name": "14576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14576" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0851.json b/2005/0xxx/CVE-2005-0851.json index 34d1d394f2e..e4bcecb0bd7 100644 --- a/2005/0xxx/CVE-2005-0851.json +++ b/2005/0xxx/CVE-2005-0851.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473" - }, - { - "name" : "12865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473" + }, + { + "name": "12865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12865" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1066.json b/2005/1xxx/CVE-2005-1066.json index 558e843ba2b..1f3ad0abf51 100644 --- a/2005/1xxx/CVE-2005-1066.json +++ b/2005/1xxx/CVE-2005-1066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050411 rpdump TOCTOU file-permissions vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html" - }, - { - "name" : "15456", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15456" - }, - { - "name" : "14899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050411 rpdump TOCTOU file-permissions vulnerability", + "refsource": "BUGTRAQ", + "url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html" + }, + { + "name": "14899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14899" + }, + { + "name": "15456", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15456" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1987.json b/2005/1xxx/CVE-2005-1987.json index 0e09d297208..a2635c8f84a 100644 --- a/2005/1xxx/CVE-2005-1987.json +++ b/2005/1xxx/CVE-2005-1987.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the \"Content-Type\" string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-1987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112915118302012&w=2" - }, - { - "name" : "20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html" - }, - { - "name" : "MS05-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048" - }, - { - "name" : "Q907245", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q907245" - }, - { - "name" : "TA05-284A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-284A.html" - }, - { - "name" : "VU#883460", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/883460" - }, - { - "name" : "15067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15067" - }, - { - "name" : "19905", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19905" - }, - { - "name" : "oval:org.mitre.oval:def:1130", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1130" - }, - { - "name" : "oval:org.mitre.oval:def:1201", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1201" - }, - { - "name" : "oval:org.mitre.oval:def:1406", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1406" - }, - { - "name" : "oval:org.mitre.oval:def:1420", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1420" - }, - { - "name" : "oval:org.mitre.oval:def:1515", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1515" - }, - { - "name" : "oval:org.mitre.oval:def:581", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A581" - }, - { - "name" : "oval:org.mitre.oval:def:848", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A848" - }, - { - "name" : "1015038", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015038" - }, - { - "name" : "1015039", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015039" - }, - { - "name" : "17167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17167" - }, - { - "name" : "win-cdo-bo(22495)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the \"Content-Type\" string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19905", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19905" + }, + { + "name": "Q907245", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q907245" + }, + { + "name": "oval:org.mitre.oval:def:581", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A581" + }, + { + "name": "oval:org.mitre.oval:def:1406", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1406" + }, + { + "name": "VU#883460", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/883460" + }, + { + "name": "oval:org.mitre.oval:def:848", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A848" + }, + { + "name": "oval:org.mitre.oval:def:1515", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1515" + }, + { + "name": "win-cdo-bo(22495)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22495" + }, + { + "name": "17167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17167" + }, + { + "name": "15067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15067" + }, + { + "name": "oval:org.mitre.oval:def:1420", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1420" + }, + { + "name": "MS05-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-048" + }, + { + "name": "oval:org.mitre.oval:def:1201", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1201" + }, + { + "name": "oval:org.mitre.oval:def:1130", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1130" + }, + { + "name": "TA05-284A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html" + }, + { + "name": "1015038", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015038" + }, + { + "name": "20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html" + }, + { + "name": "20051012 [SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112915118302012&w=2" + }, + { + "name": "1015039", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015039" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3420.json b/2005/3xxx/CVE-2005-3420.json index fc62cef075e..c759ab5b0d0 100644 --- a/2005/3xxx/CVE-2005-3420.json +++ b/2005/3xxx/CVE-2005-3420.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an \"e\" modifier into a preg_replace statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113081113317600&w=2" - }, - { - "name" : "http://www.hardened-php.net/advisory_172005.75.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_172005.75.html" - }, - { - "name" : "DSA-925", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-925" - }, - { - "name" : "15243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15243" - }, - { - "name" : "ADV-2005-2250", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2250" - }, - { - "name" : "20391", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20391" - }, - { - "name" : "1015121", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015121" - }, - { - "name" : "17366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17366" - }, - { - "name" : "18098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18098" - }, - { - "name" : "130", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an \"e\" modifier into a preg_replace statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2250", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2250" + }, + { + "name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113081113317600&w=2" + }, + { + "name": "DSA-925", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-925" + }, + { + "name": "17366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17366" + }, + { + "name": "130", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/130" + }, + { + "name": "18098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18098" + }, + { + "name": "http://www.hardened-php.net/advisory_172005.75.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_172005.75.html" + }, + { + "name": "20391", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20391" + }, + { + "name": "1015121", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015121" + }, + { + "name": "15243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15243" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4097.json b/2005/4xxx/CVE-2005-4097.json index e404b8cc141..288013a81f7 100644 --- a/2005/4xxx/CVE-2005-4097.json +++ b/2005/4xxx/CVE-2005-4097.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4097", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4097", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4194.json b/2005/4xxx/CVE-2005-4194.json index f0cc71b339c..0d859e11a24 100644 --- a/2005/4xxx/CVE-2005-4194.json +++ b/2005/4xxx/CVE-2005-4194.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipomonis.com/advisories/sws.txt", - "refsource" : "MISC", - "url" : "http://www.ipomonis.com/advisories/sws.txt" - }, - { - "name" : "15809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15809" - }, - { - "name" : "ADV-2005-2841", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2841" - }, - { - "name" : "17998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2841", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2841" + }, + { + "name": "http://www.ipomonis.com/advisories/sws.txt", + "refsource": "MISC", + "url": "http://www.ipomonis.com/advisories/sws.txt" + }, + { + "name": "15809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15809" + }, + { + "name": "17998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17998" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4368.json b/2005/4xxx/CVE-2005-4368.json index c6ecd120d6e..65923b295d0 100644 --- a/2005/4xxx/CVE-2005-4368.json +++ b/2005/4xxx/CVE-2005-4368.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051217 Fullpath disclosure in roundcube webmail", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418851/100/0/threaded" - }, - { - "name" : "20051217 Re: Fullpath disclosure in roundcube webmail", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419710/100/0/threaded" - }, - { - "name" : "20060117 Re: Fullpath disclosure in roundcube webmail", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422168/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060117 Re: Fullpath disclosure in roundcube webmail", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422168/100/0/threaded" + }, + { + "name": "20051217 Re: Fullpath disclosure in roundcube webmail", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419710/100/0/threaded" + }, + { + "name": "20051217 Fullpath disclosure in roundcube webmail", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418851/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4457.json b/2005/4xxx/CVE-2005-4457.json index 28e514211be..d2bb9a1bb43 100644 --- a/2005/4xxx/CVE-2005-4457.json +++ b/2005/4xxx/CVE-2005-4457.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several \"...\" (triple dot) sequences in a UID FETCH command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 [ACSSEC-2005-11-27-0x2] Remote Overflows in Mailenable Enterprise 1.1 / Professional 1.7", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Dec/1036.html" - }, - { - "name" : "18134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several \"...\" (triple dot) sequences in a UID FETCH command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18134" + }, + { + "name": "20051220 [ACSSEC-2005-11-27-0x2] Remote Overflows in Mailenable Enterprise 1.1 / Professional 1.7", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Dec/1036.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4685.json b/2005/4xxx/CVE-2005-4685.json index f7ea3afc2ae..6a321f32f74 100644 --- a/2005/4xxx/CVE-2005-4685.json +++ b/2005/4xxx/CVE-2005-4685.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 Browser cookie handling: possible cross-domain cookie sharing", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html" - }, - { - "name" : "15331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15331" - }, - { - "name" : "konqueror-cookie-information-disclosure(25291)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15331" + }, + { + "name": "20051104 Browser cookie handling: possible cross-domain cookie sharing", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html" + }, + { + "name": "konqueror-cookie-information-disclosure(25291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0170.json b/2009/0xxx/CVE-2009-0170.json index 2bc8a6f81e0..c543240e362 100644 --- a/2009/0xxx/CVE-2009-0170.json +++ b/2009/0xxx/CVE-2009-0170.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other \"access to resources,\" by visiting the Configuration Items component in the console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1" - }, - { - "name" : "242166", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1" - }, - { - "name" : "33265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33265" - }, - { - "name" : "ADV-2009-0156", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0156" - }, - { - "name" : "1021605", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021605" - }, - { - "name" : "sun-jsam-password-info-disclosure(47942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other \"access to resources,\" by visiting the Configuration Items component in the console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1" + }, + { + "name": "33265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33265" + }, + { + "name": "1021605", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021605" + }, + { + "name": "242166", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1" + }, + { + "name": "sun-jsam-password-info-disclosure(47942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942" + }, + { + "name": "ADV-2009-0156", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0156" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0352.json b/2009/0xxx/CVE-2009-0352.json index 03cd3bc1434..9af21028e06 100644 --- a/2009/0xxx/CVE-2009-0352.json +++ b/2009/0xxx/CVE-2009-0352.json @@ -1,297 +1,297 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=331088", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=331088" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=401042", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=401042" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=416461", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=416461" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=420697", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=420697" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=421839", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=421839" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=422283", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=422283" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=422301", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=422301" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431705", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431705" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=437142", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=437142" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=449006", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=449006" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=461027", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=461027" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" - }, - { - "name" : "DSA-1830", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : "FEDORA-2009-1399", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" - }, - { - "name" : "FEDORA-2009-2882", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" - }, - { - "name" : "FEDORA-2009-2884", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" - }, - { - "name" : "FEDORA-2009-3101", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" - }, - { - "name" : "MDVSA-2009:044", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" - }, - { - "name" : "MDVSA-2009:083", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" - }, - { - "name" : "RHSA-2009:0256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0256.html" - }, - { - "name" : "RHSA-2009:0257", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0257.html" - }, - { - "name" : "RHSA-2009:0258", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0258.html" - }, - { - "name" : "SSA:2009-083-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420" - }, - { - "name" : "SSA:2009-083-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952" - }, - { - "name" : "SUSE-SA:2009:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" - }, - { - "name" : "SUSE-SA:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" - }, - { - "name" : "USN-717-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-717-1" - }, - { - "name" : "USN-741-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/741-1/" - }, - { - "name" : "33598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33598" - }, - { - "name" : "oval:org.mitre.oval:def:10699", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699" - }, - { - "name" : "33802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33802" - }, - { - "name" : "33831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33831" - }, - { - "name" : "33841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33841" - }, - { - "name" : "33846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33846" - }, - { - "name" : "34387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34387" - }, - { - "name" : "34324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34324" - }, - { - "name" : "34417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34417" - }, - { - "name" : "34462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34462" - }, - { - "name" : "34464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34464" - }, - { - "name" : "34527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34527" - }, - { - "name" : "ADV-2009-0313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0313" - }, - { - "name" : "1021663", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021663" - }, - { - "name" : "33799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33799" - }, - { - "name" : "33808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33808" - }, - { - "name" : "33809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33809" - }, - { - "name" : "33816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33816" - }, - { - "name" : "33869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" + }, + { + "name": "33808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33808" + }, + { + "name": "ADV-2009-0313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0313" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "SUSE-SA:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=431705", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=431705" + }, + { + "name": "FEDORA-2009-3101", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" + }, + { + "name": "33809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33809" + }, + { + "name": "MDVSA-2009:044", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" + }, + { + "name": "RHSA-2009:0256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0256.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-01.html" + }, + { + "name": "SSA:2009-083-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=437142", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=437142" + }, + { + "name": "oval:org.mitre.oval:def:10699", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=416461", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=416461" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=422283", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=422283" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=421839", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=421839" + }, + { + "name": "33831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33831" + }, + { + "name": "RHSA-2009:0258", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0258.html" + }, + { + "name": "MDVSA-2009:083", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" + }, + { + "name": "1021663", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021663" + }, + { + "name": "34464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34464" + }, + { + "name": "34417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34417" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=331088", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=331088" + }, + { + "name": "33841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33841" + }, + { + "name": "34527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34527" + }, + { + "name": "33816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33816" + }, + { + "name": "33846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33846" + }, + { + "name": "33799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33799" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=401042", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=401042" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=422301", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=422301" + }, + { + "name": "FEDORA-2009-2882", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" + }, + { + "name": "RHSA-2009:0257", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0257.html" + }, + { + "name": "FEDORA-2009-2884", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" + }, + { + "name": "SSA:2009-083-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952" + }, + { + "name": "34462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34462" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=420697", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=420697" + }, + { + "name": "33598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33598" + }, + { + "name": "USN-741-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/741-1/" + }, + { + "name": "FEDORA-2009-1399", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" + }, + { + "name": "33802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33802" + }, + { + "name": "34324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34324" + }, + { + "name": "33869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33869" + }, + { + "name": "USN-717-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-717-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=449006", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=449006" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=461027", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=461027" + }, + { + "name": "34387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34387" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0355.json b/2009/0xxx/CVE-2009-0355.json index 4efcc95a1f6..b1b995b07c4 100644 --- a/2009/0xxx/CVE-2009-0355.json +++ b/2009/0xxx/CVE-2009-0355.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type=\"file\" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-03.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=466937", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=466937" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" - }, - { - "name" : "FEDORA-2009-1399", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" - }, - { - "name" : "FEDORA-2009-2882", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" - }, - { - "name" : "FEDORA-2009-2884", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" - }, - { - "name" : "MDVSA-2009:044", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" - }, - { - "name" : "RHSA-2009:0256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0256.html" - }, - { - "name" : "RHSA-2009:0257", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0257.html" - }, - { - "name" : "RHSA-2009:0258", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0258.html" - }, - { - "name" : "SUSE-SA:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" - }, - { - "name" : "USN-717-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-717-1" - }, - { - "name" : "USN-717-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-717-2" - }, - { - "name" : "33598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33598" - }, - { - "name" : "oval:org.mitre.oval:def:9161", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161" - }, - { - "name" : "33831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33831" - }, - { - "name" : "33841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33841" - }, - { - "name" : "33846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33846" - }, - { - "name" : "34324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34324" - }, - { - "name" : "34417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34417" - }, - { - "name" : "ADV-2009-0313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0313" - }, - { - "name" : "1021665", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021665" - }, - { - "name" : "33799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33799" - }, - { - "name" : "33808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33808" - }, - { - "name" : "33809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33809" - }, - { - "name" : "33816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33816" - }, - { - "name" : "33869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type=\"file\" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33808" + }, + { + "name": "ADV-2009-0313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0313" + }, + { + "name": "SUSE-SA:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" + }, + { + "name": "33809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33809" + }, + { + "name": "MDVSA-2009:044", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" + }, + { + "name": "RHSA-2009:0256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0256.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" + }, + { + "name": "33831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33831" + }, + { + "name": "oval:org.mitre.oval:def:9161", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161" + }, + { + "name": "USN-717-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-717-2" + }, + { + "name": "RHSA-2009:0258", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0258.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-03.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-03.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=466937", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=466937" + }, + { + "name": "34417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34417" + }, + { + "name": "33841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33841" + }, + { + "name": "33816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33816" + }, + { + "name": "33846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33846" + }, + { + "name": "33799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33799" + }, + { + "name": "FEDORA-2009-2882", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html" + }, + { + "name": "RHSA-2009:0257", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0257.html" + }, + { + "name": "FEDORA-2009-2884", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html" + }, + { + "name": "33598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33598" + }, + { + "name": "FEDORA-2009-1399", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" + }, + { + "name": "34324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34324" + }, + { + "name": "33869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33869" + }, + { + "name": "USN-717-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-717-1" + }, + { + "name": "1021665", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021665" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1178.json b/2009/1xxx/CVE-2009-1178.json index a51f93024bb..64e3bf9d372 100644 --- a/2009/1xxx/CVE-2009-1178.json +++ b/2009/1xxx/CVE-2009-1178.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the \"admin command line.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21246076", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21246076" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375360", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375360" - }, - { - "name" : "IC46744", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744" - }, - { - "name" : "34285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34285" - }, - { - "name" : "1021945", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021945" - }, - { - "name" : "34498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34498" - }, - { - "name" : "ADV-2009-0881", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the \"admin command line.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0881", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0881" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375360" + }, + { + "name": "IC46744", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC46744" + }, + { + "name": "34285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34285" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21246076" + }, + { + "name": "34498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34498" + }, + { + "name": "1021945", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021945" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1509.json b/2009/1xxx/CVE-2009-1509.json index 6e6592d0e79..d41f8cc94fe 100644 --- a/2009/1xxx/CVE-2009-1509.json +++ b/2009/1xxx/CVE-2009-1509.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8341", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8341" - }, - { - "name" : "34338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34338" - }, - { - "name" : "34529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34529" + }, + { + "name": "8341", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8341" + }, + { + "name": "34338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34338" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3073.json b/2009/3xxx/CVE-2009-3073.json index b9a507d426c..a0cf3193ea5 100644 --- a/2009/3xxx/CVE-2009-3073.json +++ b/2009/3xxx/CVE-2009-3073.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=507292", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=507292" - }, - { - "name" : "SUSE-SA:2009:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" - }, - { - "name" : "36343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36343" - }, - { - "name" : "oval:org.mitre.oval:def:6398", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6398" - }, - { - "name" : "36671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36671" - }, - { - "name" : "37098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36343" + }, + { + "name": "SUSE-SA:2009:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" + }, + { + "name": "oval:org.mitre.oval:def:6398", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6398" + }, + { + "name": "36671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36671" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html" + }, + { + "name": "37098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37098" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=507292", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=507292" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3870.json b/2009/3xxx/CVE-2009-3870.json index e1a2ce6b229..6a2969fc96c 100644 --- a/2009/3xxx/CVE-2009-3870.json +++ b/2009/3xxx/CVE-2009-3870.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3870", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3870. Reason: This candidate is a duplicate of CVE-2008-3870. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2008-3870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3870", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3870. Reason: This candidate is a duplicate of CVE-2008-3870. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2008-3870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3891.json b/2009/3xxx/CVE-2009-3891.json index 4f3e4f3a019..e07e41b1140 100644 --- a/2009/3xxx/CVE-2009-3891.json +++ b/2009/3xxx/CVE-2009-3891.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091115 CVE request: Wordpress 2.8.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/15/2" - }, - { - "name" : "[oss-security] 20091115 Re: CVE request: Wordpress 2.8.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/15/3" - }, - { - "name" : "[oss-security] 20091116 Re: CVE request: Wordpress 2.8.6", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/16/1" - }, - { - "name" : "http://core.trac.wordpress.org/attachment/ticket/11119/press-this-xss-bug-11-10-2009.patch", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/attachment/ticket/11119/press-this-xss-bug-11-10-2009.patch" - }, - { - "name" : "http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff" - }, - { - "name" : "http://core.trac.wordpress.org/ticket/11119", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/ticket/11119" - }, - { - "name" : "http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/" - }, - { - "name" : "59959", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59959" - }, - { - "name" : "37332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37332" + }, + { + "name": "[oss-security] 20091116 Re: CVE request: Wordpress 2.8.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/16/1" + }, + { + "name": "http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/" + }, + { + "name": "59959", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59959" + }, + { + "name": "[oss-security] 20091115 Re: CVE request: Wordpress 2.8.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/15/3" + }, + { + "name": "http://core.trac.wordpress.org/ticket/11119", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/ticket/11119" + }, + { + "name": "http://core.trac.wordpress.org/attachment/ticket/11119/press-this-xss-bug-11-10-2009.patch", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/attachment/ticket/11119/press-this-xss-bug-11-10-2009.patch" + }, + { + "name": "[oss-security] 20091115 CVE request: Wordpress 2.8.6", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/15/2" + }, + { + "name": "http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4186.json b/2009/4xxx/CVE-2009-4186.json index 79a279a19c3..a3989fe220d 100644 --- a/2009/4xxx/CVE-2009-4186.json +++ b/2009/4xxx/CVE-2009-4186.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10102", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10102" - }, - { - "name" : "37039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37039" - }, - { - "name" : "safari-css-property-bo(54487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "safari-css-property-bo(54487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54487" + }, + { + "name": "10102", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10102" + }, + { + "name": "37039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37039" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4252.json b/2009/4xxx/CVE-2009-4252.json index a4598e049a7..d8c2abcc5b1 100644 --- a/2009/4xxx/CVE-2009-4252.json +++ b/2009/4xxx/CVE-2009-4252.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10300", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10300" - }, - { - "name" : "http://www.clixint.com/support/viewtopic.php?f=3&t=542", - "refsource" : "CONFIRM", - "url" : "http://www.clixint.com/support/viewtopic.php?f=3&t=542" - }, - { - "name" : "37456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.clixint.com/support/viewtopic.php?f=3&t=542", + "refsource": "CONFIRM", + "url": "http://www.clixint.com/support/viewtopic.php?f=3&t=542" + }, + { + "name": "10300", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10300" + }, + { + "name": "37456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37456" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4611.json b/2009/4xxx/CVE-2009-4611.json index b89efeddacd..4ccb4ab5b54 100644 --- a/2009/4xxx/CVE-2009-4611.json +++ b/2009/4xxx/CVE-2009-4611.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded" - }, - { - "name" : "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt" - }, - { - "name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt" + }, + { + "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" + }, + { + "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4649.json b/2009/4xxx/CVE-2009-4649.json index 16c1f52f2fd..0f23a67678f 100644 --- a/2009/4xxx/CVE-2009-4649.json +++ b/2009/4xxx/CVE-2009-4649.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://groups.csail.mit.edu/pag/ardilla/", - "refsource" : "MISC", - "url" : "http://groups.csail.mit.edu/pag/ardilla/" - }, - { - "name" : "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-lenient-T.txt", - "refsource" : "MISC", - "url" : "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-lenient-T.txt" - }, - { - "name" : "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-strict-T.txt", - "refsource" : "MISC", - "url" : "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-strict-T.txt" - }, - { - "name" : "35449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35449" - }, - { - "name" : "geccbblite-postatoda-xss(56278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://groups.csail.mit.edu/pag/ardilla/", + "refsource": "MISC", + "url": "http://groups.csail.mit.edu/pag/ardilla/" + }, + { + "name": "geccbblite-postatoda-xss(56278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56278" + }, + { + "name": "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-strict-T.txt", + "refsource": "MISC", + "url": "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-strict-T.txt" + }, + { + "name": "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-lenient-T.txt", + "refsource": "MISC", + "url": "http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-lenient-T.txt" + }, + { + "name": "35449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35449" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4789.json b/2009/4xxx/CVE-2009-4789.json index 031bb43023f..841b84bce13 100644 --- a/2009/4xxx/CVE-2009-4789.json +++ b/2009/4xxx/CVE-2009-4789.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/joomlamojoblog-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/joomlamojoblog-rfi.txt" - }, - { - "name" : "37179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37179" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/joomlamojoblog-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/joomlamojoblog-rfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2042.json b/2012/2xxx/CVE-2012-2042.json index 289bbfc9826..bf63bb51838 100644 --- a/2012/2xxx/CVE-2012-2042.json +++ b/2012/2xxx/CVE-2012-2042.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-2042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-10.html" - }, - { - "name" : "1027047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-10.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-10.html" + }, + { + "name": "1027047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027047" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2169.json b/2012/2xxx/CVE-2012-2169.json index 298de301473..0d0db4c5159 100644 --- a/2012/2xxx/CVE-2012-2169.json +++ b/2012/2xxx/CVE-2012-2169.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21607783", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21607783" - }, - { - "name" : "PM62762", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762" - }, - { - "name" : "rcq-filedesc-xss(75049)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM62762", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62762" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21607783", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21607783" + }, + { + "name": "rcq-filedesc-xss(75049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75049" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2732.json b/2012/2xxx/CVE-2012-2732.json index 358ebb39b01..962d0721a55 100644 --- a/2012/2xxx/CVE-2012-2732.json +++ b/2012/2xxx/CVE-2012-2732.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2732", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2021. Reason: This candidate is a duplicate of CVE-2010-2021. Notes: All CVE users should reference CVE-2010-2021 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2732", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2021. Reason: This candidate is a duplicate of CVE-2010-2021. Notes: All CVE users should reference CVE-2010-2021 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6498.json b/2012/6xxx/CVE-2012-6498.json index 4679f446d55..fdd5ec7bd4e 100644 --- a/2012/6xxx/CVE-2012-6498.json +++ b/2012/6xxx/CVE-2012-6498.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://thaicert.or.th/alerts/admin/2012/al2012ad025.html", - "refsource" : "MISC", - "url" : "http://thaicert.or.th/alerts/admin/2012/al2012ad025.html" - }, - { - "name" : "http://www.youtube.com/watch?v=CfvTCSS3LGY", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=CfvTCSS3LGY" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file, as exploited in the wild in October 2012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.youtube.com/watch?v=CfvTCSS3LGY", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=CfvTCSS3LGY" + }, + { + "name": "http://thaicert.or.th/alerts/admin/2012/al2012ad025.html", + "refsource": "MISC", + "url": "http://thaicert.or.th/alerts/admin/2012/al2012ad025.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0532.json b/2015/0xxx/CVE-2015-0532.json index 60677b96f40..0978a83497e 100644 --- a/2015/0xxx/CVE-2015-0532.json +++ b/2015/0xxx/CVE-2015-0532.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150429 ESA-2015-078: RSA Identity Management and Governance (IMG) Insecure Password Reset Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Apr/204" - }, - { - "name" : "http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html" - }, - { - "name" : "1032218", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150429 ESA-2015-078: RSA Identity Management and Governance (IMG) Insecure Password Reset Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Apr/204" + }, + { + "name": "1032218", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032218" + }, + { + "name": "http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1316.json b/2015/1xxx/CVE-2015-1316.json index 966e1208ffe..351f667472a 100644 --- a/2015/1xxx/CVE-2015-1316.json +++ b/2015/1xxx/CVE-2015-1316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1783.json b/2015/1xxx/CVE-2015-1783.json index e7422f2401d..396137478dc 100644 --- a/2015/1xxx/CVE-2015-1783.json +++ b/2015/1xxx/CVE-2015-1783.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd", - "refsource" : "MISC", - "url" : "https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1199925", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1199925" - }, - { - "name" : "FEDORA-2015-4807", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154355.html" - }, - { - "name" : "FEDORA-2015-4821", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155382.html" - }, - { - "name" : "FEDORA-2015-4848", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154321.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd", + "refsource": "MISC", + "url": "https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd" + }, + { + "name": "FEDORA-2015-4807", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154355.html" + }, + { + "name": "FEDORA-2015-4821", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155382.html" + }, + { + "name": "FEDORA-2015-4848", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154321.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1199925", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199925" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5057.json b/2015/5xxx/CVE-2015-5057.json index 99100af2e8c..b688379be4f 100644 --- a/2015/5xxx/CVE-2015-5057.json +++ b/2015/5xxx/CVE-2015-5057.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150624 Re: CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/25/1" - }, - { - "name" : "https://wordpress.org/plugins/broken-link-checker/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/broken-link-checker/#developers" - }, - { - "name" : "75421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/broken-link-checker/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/broken-link-checker/#developers" + }, + { + "name": "[oss-security] 20150624 Re: CVE Request for Wordpress-Plugin Broken Link Checker v1.10.8: Persistent XSS in admin panel enabled by modified headers", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/25/1" + }, + { + "name": "75421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75421" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5163.json b/2015/5xxx/CVE-2015-5163.json index 9efb7a1f8c2..a4cbc52f2e4 100644 --- a/2015/5xxx/CVE-2015-5163.json +++ b/2015/5xxx/CVE-2015-5163.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20150813 [OSSA 2015-014] Glance v2 API host file disclosure through qcow2 backing file (CVE-2015-5163)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html" - }, - { - "name" : "https://bugs.launchpad.net/glance/+bug/1471912", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/glance/+bug/1471912" - }, - { - "name" : "RHSA-2015:1639", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1639.html" - }, - { - "name" : "76346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1639", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1639.html" + }, + { + "name": "[openstack-announce] 20150813 [OSSA 2015-014] Glance v2 API host file disclosure through qcow2 backing file (CVE-2015-5163)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html" + }, + { + "name": "76346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76346" + }, + { + "name": "https://bugs.launchpad.net/glance/+bug/1471912", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/glance/+bug/1471912" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5696.json b/2015/5xxx/CVE-2015-5696.json index 518256ece39..de165149530 100644 --- a/2015/5xxx/CVE-2015-5696.json +++ b/2015/5xxx/CVE-2015-5696.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150730 Dell Netvault Backup Remote Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536111/100/0/threaded" - }, - { - "name" : "37739", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37739/" - }, - { - "name" : "http://packetstormsecurity.com/files/132928/Dell-Netvault-Backup-10.0.1.24-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132928/Dell-Netvault-Backup-10.0.1.24-Denial-Of-Service.html" - }, - { - "name" : "1033145", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132928/Dell-Netvault-Backup-10.0.1.24-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132928/Dell-Netvault-Backup-10.0.1.24-Denial-Of-Service.html" + }, + { + "name": "1033145", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033145" + }, + { + "name": "20150730 Dell Netvault Backup Remote Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536111/100/0/threaded" + }, + { + "name": "37739", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37739/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002006.json b/2018/1002xxx/CVE-2018-1002006.json index 41aad61b3e5..6c3a823d166 100644 --- a/2018/1002xxx/CVE-2018-1002006.json +++ b/2018/1002xxx/CVE-2018-1002006.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "DATE_ASSIGNED" : "2018-08-22", - "ID" : "CVE-2018-1002006", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Arigato Autoresponder and Newsletter", - "version" : { - "version_data" : [ - { - "version_affected" : "<=", - "version_value" : "2.5.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "Kiboko Labs https://calendarscripts.info/" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2018-08-22", + "ID": "CVE-2018-1002006", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Arigato Autoresponder and Newsletter", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.5.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Kiboko Labs https://calendarscripts.info/" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45434", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45434/" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=203", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=203" - }, - { - "name" : "https://wordpress.org/plugins/bft-autoresponder/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/bft-autoresponder/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45434", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45434/" + }, + { + "name": "https://wordpress.org/plugins/bft-autoresponder/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/bft-autoresponder/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=203", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=203" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3486.json b/2018/3xxx/CVE-2018-3486.json index 030e57b3dc7..af5da895a50 100644 --- a/2018/3xxx/CVE-2018-3486.json +++ b/2018/3xxx/CVE-2018-3486.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3486", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3486", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3793.json b/2018/3xxx/CVE-2018-3793.json index 6577ebc0082..b0b2cda7e88 100644 --- a/2018/3xxx/CVE-2018-3793.json +++ b/2018/3xxx/CVE-2018-3793.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3793", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3793", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3796.json b/2018/3xxx/CVE-2018-3796.json index bef461d39da..2a19e91b9ca 100644 --- a/2018/3xxx/CVE-2018-3796.json +++ b/2018/3xxx/CVE-2018-3796.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3796", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3796", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7169.json b/2018/7xxx/CVE-2018-7169.json index b7d47b436e4..a7776e7580e 100644 --- a/2018/7xxx/CVE-2018-7169.json +++ b/2018/7xxx/CVE-2018-7169.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357" - }, - { - "name" : "GLSA-201805-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-09" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357" + }, + { + "name": "GLSA-201805-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-09" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7263.json b/2018/7xxx/CVE-2018-7263.json index fc1680765f4..30d5b6f5672 100644 --- a/2018/7xxx/CVE-2018-7263.json +++ b/2018/7xxx/CVE-2018-7263.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1081784", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1081784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1081784", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1081784" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7622.json b/2018/7xxx/CVE-2018-7622.json index 8de519e93f9..c8c3a0abeca 100644 --- a/2018/7xxx/CVE-2018-7622.json +++ b/2018/7xxx/CVE-2018-7622.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7622", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7622", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7840.json b/2018/7xxx/CVE-2018-7840.json index afa35946ded..42ff431cc2c 100644 --- a/2018/7xxx/CVE-2018-7840.json +++ b/2018/7xxx/CVE-2018-7840.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7840", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7840", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8119.json b/2018/8xxx/CVE-2018-8119.json index 28878940f8c..47c97b35c74 100644 --- a/2018/8xxx/CVE-2018-8119.json +++ b/2018/8xxx/CVE-2018-8119.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "C# SDK", - "version" : { - "version_data" : [ - { - "version_value" : "Azure IoT" - } - ] - } - }, - { - "product_name" : "C SDK", - "version" : { - "version_data" : [ - { - "version_value" : "Azure IoT" - } - ] - } - }, - { - "product_name" : "Java SDK", - "version" : { - "version_data" : [ - { - "version_value" : "Azure IoT" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka \"Azure IoT SDK Spoofing Vulnerability.\" This affects C# SDK, C SDK, Java SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "C# SDK", + "version": { + "version_data": [ + { + "version_value": "Azure IoT" + } + ] + } + }, + { + "product_name": "C SDK", + "version": { + "version_data": [ + { + "version_value": "Azure IoT" + } + ] + } + }, + { + "product_name": "Java SDK", + "version": { + "version_data": [ + { + "version_value": "Azure IoT" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119" - }, - { - "name" : "104070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka \"Azure IoT SDK Spoofing Vulnerability.\" This affects C# SDK, C SDK, Java SDK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119" + }, + { + "name": "104070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104070" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8854.json b/2018/8xxx/CVE-2018-8854.json index 77a7b1ac2f8..d6e7a404aeb 100644 --- a/2018/8xxx/CVE-2018-8854.json +++ b/2018/8xxx/CVE-2018-8854.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-31T00:00:00", - "ID" : "CVE-2018-8854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "e-Alert Unit (non-medical device)", - "version" : { - "version_data" : [ - { - "version_value" : "R2.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-31T00:00:00", + "ID": "CVE-2018-8854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "e-Alert Unit (non-medical device)", + "version": { + "version_data": [ + { + "version_value": "R2.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01" - }, - { - "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", - "refsource" : "CONFIRM", - "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" - }, - { - "name" : "105194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource": "CONFIRM", + "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" + }, + { + "name": "105194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105194" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8983.json b/2018/8xxx/CVE-2018-8983.json index 2e404e15e19..0127d100ded 100644 --- a/2018/8xxx/CVE-2018-8983.json +++ b/2018/8xxx/CVE-2018-8983.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8983", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8983", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8997.json b/2018/8xxx/CVE-2018-8997.json index 06fb41cfada..f7bbf3661cf 100644 --- a/2018/8xxx/CVE-2018-8997.json +++ b/2018/8xxx/CVE-2018-8997.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002004", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002004", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002004" + } + ] + } +} \ No newline at end of file