From e49231c39b11911acf02c5e26367e6f3533013f4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:24:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0523.json | 150 +++++++------- 2005/0xxx/CVE-2005-0568.json | 160 +++++++------- 2005/2xxx/CVE-2005-2173.json | 140 ++++++------- 2005/2xxx/CVE-2005-2390.json | 170 +++++++-------- 2005/2xxx/CVE-2005-2462.json | 160 +++++++------- 2005/2xxx/CVE-2005-2855.json | 180 ++++++++-------- 2005/3xxx/CVE-2005-3056.json | 34 +-- 2005/3xxx/CVE-2005-3157.json | 150 +++++++------- 2005/3xxx/CVE-2005-3274.json | 310 ++++++++++++++-------------- 2005/3xxx/CVE-2005-3440.json | 160 +++++++------- 2005/3xxx/CVE-2005-3866.json | 170 +++++++-------- 2005/3xxx/CVE-2005-3947.json | 160 +++++++------- 2005/3xxx/CVE-2005-3994.json | 34 +-- 2005/4xxx/CVE-2005-4516.json | 180 ++++++++-------- 2005/4xxx/CVE-2005-4525.json | 150 +++++++------- 2005/4xxx/CVE-2005-4624.json | 140 ++++++------- 2009/0xxx/CVE-2009-0231.json | 180 ++++++++-------- 2009/2xxx/CVE-2009-2000.json | 160 +++++++------- 2009/2xxx/CVE-2009-2139.json | 230 ++++++++++----------- 2009/2xxx/CVE-2009-2266.json | 120 +++++------ 2009/2xxx/CVE-2009-2823.json | 160 +++++++------- 2009/2xxx/CVE-2009-2917.json | 130 ++++++------ 2009/2xxx/CVE-2009-2947.json | 170 +++++++-------- 2009/3xxx/CVE-2009-3044.json | 180 ++++++++-------- 2009/3xxx/CVE-2009-3210.json | 170 +++++++-------- 2009/3xxx/CVE-2009-3328.json | 130 ++++++------ 2009/3xxx/CVE-2009-3470.json | 160 +++++++------- 2009/3xxx/CVE-2009-3873.json | 390 +++++++++++++++++------------------ 2009/4xxx/CVE-2009-4533.json | 190 ++++++++--------- 2009/4xxx/CVE-2009-4900.json | 34 +-- 2012/2xxx/CVE-2012-2814.json | 200 +++++++++--------- 2015/0xxx/CVE-2015-0241.json | 34 +-- 2015/0xxx/CVE-2015-0246.json | 34 +-- 2015/0xxx/CVE-2015-0269.json | 140 ++++++------- 2015/0xxx/CVE-2015-0432.json | 290 +++++++++++++------------- 2015/1xxx/CVE-2015-1001.json | 120 +++++------ 2015/1xxx/CVE-2015-1207.json | 140 ++++++------- 2015/1xxx/CVE-2015-1622.json | 140 ++++++------- 2015/4xxx/CVE-2015-4838.json | 130 ++++++------ 2015/5xxx/CVE-2015-5327.json | 140 ++++++------- 2018/3xxx/CVE-2018-3052.json | 140 ++++++------- 2018/3xxx/CVE-2018-3973.json | 132 ++++++------ 2018/6xxx/CVE-2018-6089.json | 172 +++++++-------- 2018/6xxx/CVE-2018-6547.json | 120 +++++------ 2018/6xxx/CVE-2018-6717.json | 34 +-- 2018/7xxx/CVE-2018-7905.json | 34 +-- 2018/7xxx/CVE-2018-7949.json | 234 ++++++++++----------- 2018/8xxx/CVE-2018-8005.json | 168 +++++++-------- 2018/8xxx/CVE-2018-8291.json | 362 ++++++++++++++++---------------- 2018/8xxx/CVE-2018-8653.json | 314 ++++++++++++++-------------- 2018/8xxx/CVE-2018-8769.json | 120 +++++------ 2018/8xxx/CVE-2018-8996.json | 120 +++++------ 52 files changed, 4085 insertions(+), 4085 deletions(-) diff --git a/2005/0xxx/CVE-2005-0523.json b/2005/0xxx/CVE-2005-0523.json index 24e914b733f..c66f0d243d8 100644 --- a/2005/0xxx/CVE-2005-0523.json +++ b/2005/0xxx/CVE-2005-0523.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://deicide.siyahsapka.org/exploits/proz_ex2.c", - "refsource" : "MISC", - "url" : "http://deicide.siyahsapka.org/exploits/proz_ex2.c" - }, - { - "name" : "http://www.securiteam.com/exploits/5WP082KEUW.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5WP082KEUW.html" - }, - { - "name" : "DSA-719", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-719" - }, - { - "name" : "12635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/exploits/5WP082KEUW.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5WP082KEUW.html" + }, + { + "name": "12635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12635" + }, + { + "name": "http://deicide.siyahsapka.org/exploits/proz_ex2.c", + "refsource": "MISC", + "url": "http://deicide.siyahsapka.org/exploits/proz_ex2.c" + }, + { + "name": "DSA-719", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-719" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0568.json b/2005/0xxx/CVE-2005-0568.json index 7c7de0b0e1d..04388b2c3c0 100644 --- a/2005/0xxx/CVE-2005-0568.json +++ b/2005/0xxx/CVE-2005-0568.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 In-game cl_guid crash in Soldier of Fortune II 1.03", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110927288423807&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/sof2guidboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/sof2guidboom-adv.txt" - }, - { - "name" : "12650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12650" - }, - { - "name" : "1013291", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013291" - }, - { - "name" : "13289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13289" + }, + { + "name": "20050224 In-game cl_guid crash in Soldier of Fortune II 1.03", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110927288423807&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/sof2guidboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/sof2guidboom-adv.txt" + }, + { + "name": "1013291", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013291" + }, + { + "name": "12650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12650" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2173.json b/2005/2xxx/CVE-2005-2173.json index 87c26b32d63..93e341fa596 100644 --- a/2005/2xxx/CVE-2005-2173.json +++ b/2005/2xxx/CVE-2005-2173.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/2.18.1/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/2.18.1/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=293159", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=293159" - }, - { - "name" : "1014428", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=293159", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=293159" + }, + { + "name": "http://www.bugzilla.org/security/2.18.1/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/2.18.1/" + }, + { + "name": "1014428", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014428" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2390.json b/2005/2xxx/CVE-2005-2390.json index e127ec0a6a8..aab8908b029 100644 --- a/2005/2xxx/CVE-2005-2390.json +++ b/2005/2xxx/CVE-2005-2390.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2", - "refsource" : "CONFIRM", - "url" : "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2" - }, - { - "name" : "DSA-795", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-795" - }, - { - "name" : "OpenPKG-SA-2005.020", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=112604373503912&w=2" - }, - { - "name" : "14380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14380" - }, - { - "name" : "14381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14381" - }, - { - "name" : "16181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "OpenPKG-SA-2005.020", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=112604373503912&w=2" + }, + { + "name": "14381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14381" + }, + { + "name": "14380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14380" + }, + { + "name": "DSA-795", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-795" + }, + { + "name": "16181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16181" + }, + { + "name": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2", + "refsource": "CONFIRM", + "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2462.json b/2005/2xxx/CVE-2005-2462.json index 4f856a303fb..c3bc67136b0 100644 --- a/2005/2xxx/CVE-2005-2462.json +++ b/2005/2xxx/CVE-2005-2462.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050730 Kayako liveResponse Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112274359718863&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00092-07302005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00092-07302005" - }, - { - "name" : "14425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14425" - }, - { - "name" : "18398", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18398" - }, - { - "name" : "16286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14425" + }, + { + "name": "20050730 Kayako liveResponse Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112274359718863&w=2" + }, + { + "name": "16286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16286" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00092-07302005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00092-07302005" + }, + { + "name": "18398", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18398" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2855.json b/2005/2xxx/CVE-2005-2855.json index 8ae527a084f..9c9e3f2db07 100644 --- a/2005/2xxx/CVE-2005-2855.json +++ b/2005/2xxx/CVE-2005-2855.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050905 UNB 1.5.3 cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112605049014473&w=2" - }, - { - "name" : "http://packetstormsecurity.org/0509-exploits/unb153.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0509-exploits/unb153.html" - }, - { - "name" : "14748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14748" - }, - { - "name" : "ADV-2005-1665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1665" - }, - { - "name" : "19239", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19239" - }, - { - "name" : "16726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16726" - }, - { - "name" : "unclassified-newsboard-xss(22172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-1665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1665" + }, + { + "name": "14748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14748" + }, + { + "name": "http://packetstormsecurity.org/0509-exploits/unb153.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0509-exploits/unb153.html" + }, + { + "name": "19239", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19239" + }, + { + "name": "16726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16726" + }, + { + "name": "unclassified-newsboard-xss(22172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22172" + }, + { + "name": "20050905 UNB 1.5.3 cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112605049014473&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3056.json b/2005/3xxx/CVE-2005-3056.json index 0bf353a80e5..b90e27b51e6 100644 --- a/2005/3xxx/CVE-2005-3056.json +++ b/2005/3xxx/CVE-2005-3056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3157.json b/2005/3xxx/CVE-2005-3157.json index eb1389dc5a8..a1ce7a92ff4 100644 --- a/2005/3xxx/CVE-2005-3157.json +++ b/2005/3xxx/CVE-2005-3157.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050928 PHP-Fusion v6.00.109 SQL Injection / admin|users credentials", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112793982604963&w=2" - }, - { - "name" : "http://rgod.altervista.org/phpfusion600109.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpfusion600109.html" - }, - { - "name" : "http://www.php-fusion.co.uk/news.php?readmore=259", - "refsource" : "CONFIRM", - "url" : "http://www.php-fusion.co.uk/news.php?readmore=259" - }, - { - "name" : "16994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16994" + }, + { + "name": "http://rgod.altervista.org/phpfusion600109.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpfusion600109.html" + }, + { + "name": "20050928 PHP-Fusion v6.00.109 SQL Injection / admin|users credentials", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112793982604963&w=2" + }, + { + "name": "http://www.php-fusion.co.uk/news.php?readmore=259", + "refsource": "CONFIRM", + "url": "http://www.php-fusion.co.uk/news.php?readmore=259" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3274.json b/2005/3xxx/CVE-2005-3274.json index 64f16696251..550c8f98433 100644 --- a/2005/3xxx/CVE-2005-3274.json +++ b/2005/3xxx/CVE-2005-3274.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d" - }, - { - "name" : "http://lkml.org/lkml/2005/6/23/249", - "refsource" : "CONFIRM", - "url" : "http://lkml.org/lkml/2005/6/23/249" - }, - { - "name" : "http://lkml.org/lkml/2005/6/24/173", - "refsource" : "CONFIRM", - "url" : "http://lkml.org/lkml/2005/6/24/173" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - }, - { - "name" : "FLSA:157459-4", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427981/100/0/threaded" - }, - { - "name" : "MDKSA-2005:218", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" - }, - { - "name" : "MDKSA-2005:219", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" - }, - { - "name" : "MDKSA-2005:220", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" - }, - { - "name" : "MDKSA-2005:235", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:235" - }, - { - "name" : "MDKSA-2006:044", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044" - }, - { - "name" : "RHSA-2006:0190", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0190.html" - }, - { - "name" : "RHSA-2005:663", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html" - }, - { - "name" : "USN-219-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/219-1/" - }, - { - "name" : "15528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15528" - }, - { - "name" : "oval:org.mitre.oval:def:11723", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11723" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "18684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18684" - }, - { - "name" : "18977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18977" - }, - { - "name" : "17826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:235", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:235" + }, + { + "name": "18684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18684" + }, + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "18977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18977" + }, + { + "name": "MDKSA-2005:220", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220" + }, + { + "name": "MDKSA-2006:044", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044" + }, + { + "name": "15528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15528" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "FLSA:157459-4", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427981/100/0/threaded" + }, + { + "name": "USN-219-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/219-1/" + }, + { + "name": "RHSA-2006:0190", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0190.html" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e684f066dff5628bb61ad1912de6e8058b5b4c7d" + }, + { + "name": "MDKSA-2005:218", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218" + }, + { + "name": "17826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17826" + }, + { + "name": "http://lkml.org/lkml/2005/6/23/249", + "refsource": "CONFIRM", + "url": "http://lkml.org/lkml/2005/6/23/249" + }, + { + "name": "http://lkml.org/lkml/2005/6/24/173", + "refsource": "CONFIRM", + "url": "http://lkml.org/lkml/2005/6/24/173" + }, + { + "name": "oval:org.mitre.oval:def:11723", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11723" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + }, + { + "name": "RHSA-2005:663", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html" + }, + { + "name": "MDKSA-2005:219", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3440.json b/2005/3xxx/CVE-2005-3440.json index 79a8fe1ab14..508aa7ecadf 100644 --- a/2005/3xxx/CVE-2005-3440.json +++ b/2005/3xxx/CVE-2005-3440.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3866.json b/2005/3xxx/CVE-2005-3866.json index 85d8d62ebf2..7daccbcb080 100644 --- a/2005/3xxx/CVE-2005-3866.json +++ b/2005/3xxx/CVE-2005-3866.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/searchfeed-search-engine-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/searchfeed-search-engine-xss-vuln.html" - }, - { - "name" : "15612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15612" - }, - { - "name" : "ADV-2005-2609", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2609" - }, - { - "name" : "21144", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21144" - }, - { - "name" : "17715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17715" - }, - { - "name" : "searchfeed-search-xss(23348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17715" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/searchfeed-search-engine-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/searchfeed-search-engine-xss-vuln.html" + }, + { + "name": "searchfeed-search-xss(23348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23348" + }, + { + "name": "15612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15612" + }, + { + "name": "ADV-2005-2609", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2609" + }, + { + "name": "21144", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21144" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3947.json b/2005/3xxx/CVE-2005-3947.json index d56efda5338..ed03c71ac65 100644 --- a/2005/3xxx/CVE-2005-3947.json +++ b/2005/3xxx/CVE-2005-3947.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via \"../\" sequences in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://liz0.3yr.net/phpuploadcenter.txt", - "refsource" : "MISC", - "url" : "http://liz0.3yr.net/phpuploadcenter.txt" - }, - { - "name" : "http://www.blogcu.com/Liz0ziM/126975", - "refsource" : "MISC", - "url" : "http://www.blogcu.com/Liz0ziM/126975" - }, - { - "name" : "15621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15621" - }, - { - "name" : "15626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15626" - }, - { - "name" : "phpupload-index-directory-traversal(24696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via \"../\" sequences in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blogcu.com/Liz0ziM/126975", + "refsource": "MISC", + "url": "http://www.blogcu.com/Liz0ziM/126975" + }, + { + "name": "http://liz0.3yr.net/phpuploadcenter.txt", + "refsource": "MISC", + "url": "http://liz0.3yr.net/phpuploadcenter.txt" + }, + { + "name": "15626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15626" + }, + { + "name": "15621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15621" + }, + { + "name": "phpupload-index-directory-traversal(24696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24696" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3994.json b/2005/3xxx/CVE-2005-3994.json index 82bed086eed..1757fd28ab8 100644 --- a/2005/3xxx/CVE-2005-3994.json +++ b/2005/3xxx/CVE-2005-3994.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3994", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3967. Reason: This candidate is a duplicate of CVE-2005-3967. Notes: All CVE users should reference CVE-2005-3967 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-3994", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3967. Reason: This candidate is a duplicate of CVE-2005-3967. Notes: All CVE users should reference CVE-2005-3967 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4516.json b/2005/4xxx/CVE-2005-4516.json index e69532311eb..c73dd096570 100644 --- a/2005/4xxx/CVE-2005-4516.json +++ b/2005/4xxx/CVE-2005-4516.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051222 XSS&Sql injection attack in PHP-Fusion 6.00.3 Released", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420109/100/0/threaded" - }, - { - "name" : "15931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15931" - }, - { - "name" : "ADV-2005-3063", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3063" - }, - { - "name" : "22048", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22048" - }, - { - "name" : "22050", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22050" - }, - { - "name" : "18190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18190/" - }, - { - "name" : "272", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-3063", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3063" + }, + { + "name": "22050", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22050" + }, + { + "name": "22048", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22048" + }, + { + "name": "272", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/272" + }, + { + "name": "15931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15931" + }, + { + "name": "18190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18190/" + }, + { + "name": "20051222 XSS&Sql injection attack in PHP-Fusion 6.00.3 Released", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420109/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4525.json b/2005/4xxx/CVE-2005-4525.json index 2f90533b7f3..40d88cb65a6 100644 --- a/2005/4xxx/CVE-2005-4525.json +++ b/2005/4xxx/CVE-2005-4525.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 IRM 014: Sygate Protection Agent 5.0 vulnerability - A low privileged user can disable the security agent", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419909/100/0/threaded" - }, - { - "name" : "http://www.irmplc.com/advisory014.htm", - "refsource" : "MISC", - "url" : "http://www.irmplc.com/advisory014.htm" - }, - { - "name" : "15977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15977/" - }, - { - "name" : "18175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18175/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18175/" + }, + { + "name": "15977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15977/" + }, + { + "name": "20051220 IRM 014: Sygate Protection Agent 5.0 vulnerability - A low privileged user can disable the security agent", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419909/100/0/threaded" + }, + { + "name": "http://www.irmplc.com/advisory014.htm", + "refsource": "MISC", + "url": "http://www.irmplc.com/advisory014.htm" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4624.json b/2005/4xxx/CVE-2005-4624.json index a4fd0228b06..7da2a985292 100644 --- a/2005/4xxx/CVE-2005-4624.json +++ b/2005/4xxx/CVE-2005-4624.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a \"charmed channel\" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051230 PTnet IRCD heap exhaustion and integer overflow", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1476.html" - }, - { - "name" : "16089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16089" - }, - { - "name" : "1015425", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a \"charmed channel\" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051230 PTnet IRCD heap exhaustion and integer overflow", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1476.html" + }, + { + "name": "16089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16089" + }, + { + "name": "1015425", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015425" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0231.json b/2009/0xxx/CVE-2009-0231.json index c91bf95175d..a84e5cc7ed0 100644 --- a/2009/0xxx/CVE-2009-0231.json +++ b/2009/0xxx/CVE-2009-0231.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka \"Embedded OpenType Font Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090714 Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811" - }, - { - "name" : "MS09-029", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-029" - }, - { - "name" : "TA09-195A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" - }, - { - "name" : "55842", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55842" - }, - { - "name" : "oval:org.mitre.oval:def:5457", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5457" - }, - { - "name" : "1022543", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022543" - }, - { - "name" : "ADV-2009-1887", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka \"Embedded OpenType Font Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-029", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-029" + }, + { + "name": "oval:org.mitre.oval:def:5457", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5457" + }, + { + "name": "55842", + "refsource": "OSVDB", + "url": "http://osvdb.org/55842" + }, + { + "name": "20090714 Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=811" + }, + { + "name": "ADV-2009-1887", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1887" + }, + { + "name": "1022543", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022543" + }, + { + "name": "TA09-195A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2000.json b/2009/2xxx/CVE-2009-2000.json index 55dbbb61166..ac01c2b0fdd 100644 --- a/2009/2xxx/CVE-2009-2000.json +++ b/2009/2xxx/CVE-2009-2000.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-2000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36756" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "36756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36756" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2139.json b/2009/2xxx/CVE-2009-2139.json index d52c229f04d..78a72e4acf5 100644 --- a/2009/2xxx/CVE-2009-2139.json +++ b/2009/2xxx/CVE-2009-2139.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090910 Re: OpenOffice.org CVE-2009-2139", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125258116800739&w=2" - }, - { - "name" : "[oss-security] 20090911 Re: OpenOffice.org CVE-2009-2139", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125265261125765&w=2" - }, - { - "name" : "[oss-security] 20090922 Re: [oss-security] OpenOffice.org CVE-2009-2139", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125363445702917&w=2" - }, - { - "name" : "[oss-security] 20091026 Re: CVE-2009-3239 is a duplicate of CVE-2009-2139 and CVE-2009-2140", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/10/26/2" - }, - { - "name" : "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55" - }, - { - "name" : "MDVSA-2010:035", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035" - }, - { - "name" : "MDVSA-2010:091", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091" - }, - { - "name" : "MDVSA-2010:105", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105" - }, - { - "name" : "SUSE-SR:2009:015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" - }, - { - "name" : "DSA-1880", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1880" - }, - { - "name" : "36291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36291" - }, - { - "name" : "36613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:105", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105" + }, + { + "name": "MDVSA-2010:091", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091" + }, + { + "name": "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55" + }, + { + "name": "MDVSA-2010:035", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035" + }, + { + "name": "SUSE-SR:2009:015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" + }, + { + "name": "DSA-1880", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1880" + }, + { + "name": "[oss-security] 20090922 Re: [oss-security] OpenOffice.org CVE-2009-2139", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125363445702917&w=2" + }, + { + "name": "[oss-security] 20090910 Re: OpenOffice.org CVE-2009-2139", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125258116800739&w=2" + }, + { + "name": "[oss-security] 20091026 Re: CVE-2009-3239 is a duplicate of CVE-2009-2139 and CVE-2009-2140", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/10/26/2" + }, + { + "name": "[oss-security] 20090911 Re: OpenOffice.org CVE-2009-2139", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125265261125765&w=2" + }, + { + "name": "36291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36291" + }, + { + "name": "36613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36613" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2266.json b/2009/2xxx/CVE-2009-2266.json index 11d477054c6..1e4087c881a 100644 --- a/2009/2xxx/CVE-2009-2266.json +++ b/2009/2xxx/CVE-2009-2266.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oxidforge.org/wiki/Security_bulletins/2009-003", - "refsource" : "CONFIRM", - "url" : "http://www.oxidforge.org/wiki/Security_bulletins/2009-003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attackers to obtain sensitive information (session details and order history of other users) via a crafted cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003", + "refsource": "CONFIRM", + "url": "http://www.oxidforge.org/wiki/Security_bulletins/2009-003" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2823.json b/2009/2xxx/CVE-2009-2823.json index b7ba4b2f1a9..0f04943c67e 100644 --- a/2009/2xxx/CVE-2009-2823.json +++ b/2009/2xxx/CVE-2009-2823.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3937", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3937" - }, - { - "name" : "APPLE-SA-2009-11-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" - }, - { - "name" : "MDVSA-2009:300", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:300" - }, - { - "name" : "36956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36956" - }, - { - "name" : "ADV-2009-3184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36956" + }, + { + "name": "ADV-2009-3184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3184" + }, + { + "name": "APPLE-SA-2009-11-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" + }, + { + "name": "MDVSA-2009:300", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:300" + }, + { + "name": "http://support.apple.com/kb/HT3937", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3937" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2917.json b/2009/2xxx/CVE-2009-2917.json index 2a423743af5..c3b507ea00a 100644 --- a/2009/2xxx/CVE-2009-2917.json +++ b/2009/2xxx/CVE-2009-2917.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9382", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9382" - }, - { - "name" : "mpegencoder-m3u-bo(52857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mpegencoder-m3u-bo(52857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52857" + }, + { + "name": "9382", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9382" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2947.json b/2009/2xxx/CVE-2009-2947.json index 63d2deddcc8..20c6a33f3a4 100644 --- a/2009/2xxx/CVE-2009-2947.json +++ b/2009/2xxx/CVE-2009-2947.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xapian-discuss] 20090909 Cross-site scripting issue in Omega", - "refsource" : "MLIST", - "url" : "http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html" - }, - { - "name" : "http://svn.xapian.org/*checkout*/tags/1.0.16/xapian-applications/omega/NEWS", - "refsource" : "CONFIRM", - "url" : "http://svn.xapian.org/*checkout*/tags/1.0.16/xapian-applications/omega/NEWS" - }, - { - "name" : "DSA-1882", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1882" - }, - { - "name" : "36317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36317" - }, - { - "name" : "36674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36674" - }, - { - "name" : "36693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36317" + }, + { + "name": "36693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36693" + }, + { + "name": "http://svn.xapian.org/*checkout*/tags/1.0.16/xapian-applications/omega/NEWS", + "refsource": "CONFIRM", + "url": "http://svn.xapian.org/*checkout*/tags/1.0.16/xapian-applications/omega/NEWS" + }, + { + "name": "[xapian-discuss] 20090909 Cross-site scripting issue in Omega", + "refsource": "MLIST", + "url": "http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html" + }, + { + "name": "36674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36674" + }, + { + "name": "DSA-1882", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1882" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3044.json b/2009/3xxx/CVE-2009-3044.json index 63cad116706..4dcbb11b995 100644 --- a/2009/3xxx/CVE-2009-3044.json +++ b/2009/3xxx/CVE-2009-3044.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 10.00 does not properly handle a (1) '\\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/freebsd/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/1000/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1000/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1000/" - }, - { - "name" : "http://www.opera.com/support/kb/view/934/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/934/" - }, - { - "name" : "oval:org.mitre.oval:def:6444", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 10.00 does not properly handle a (1) '\\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/freebsd/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/1000/" + }, + { + "name": "oval:org.mitre.oval:def:6444", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6444" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/1000/" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/1000/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1000/" + }, + { + "name": "http://www.opera.com/support/kb/view/934/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/934/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1000/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1000/" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3210.json b/2009/3xxx/CVE-2009-3210.json index 51d547cb1fb..631fb946a9c 100644 --- a/2009/3xxx/CVE-2009-3210.json +++ b/2009/3xxx/CVE-2009-3210.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/554326", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/554326" - }, - { - "name" : "http://drupal.org/node/554328", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/554328" - }, - { - "name" : "http://drupal.org/node/554448", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/554448" - }, - { - "name" : "57192", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57192" - }, - { - "name" : "36395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36395" - }, - { - "name" : "printeremailpdf-drupal-unspecified-xss(52593)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57192", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57192" + }, + { + "name": "http://drupal.org/node/554326", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/554326" + }, + { + "name": "http://drupal.org/node/554448", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/554448" + }, + { + "name": "printeremailpdf-drupal-unspecified-xss(52593)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52593" + }, + { + "name": "36395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36395" + }, + { + "name": "http://drupal.org/node/554328", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/554328" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3328.json b/2009/3xxx/CVE-2009-3328.json index 4e5d58c814d..49263cd8d4f 100644 --- a/2009/3xxx/CVE-2009-3328.json +++ b/2009/3xxx/CVE-2009-3328.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9730", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9730" - }, - { - "name" : "36806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36806" + }, + { + "name": "9730", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9730" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3470.json b/2009/3xxx/CVE-2009-3470.json index bbc8b741226..b69672497f7 100644 --- a/2009/3xxx/CVE-2009-3470.json +++ b/2009/3xxx/CVE-2009-3470.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IC61195", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195" - }, - { - "name" : "36538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36538" - }, - { - "name" : "1022955", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022955" - }, - { - "name" : "36853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36853" - }, - { - "name" : "ADV-2009-2786", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36538" + }, + { + "name": "IC61195", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195" + }, + { + "name": "1022955", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022955" + }, + { + "name": "36853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36853" + }, + { + "name": "ADV-2009-2786", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2786" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3873.json b/2009/3xxx/CVE-2009-3873.json index 987d7639ef5..261bc1c3f11 100644 --- a/2009/3xxx/CVE-2009-3873.json +++ b/2009/3xxx/CVE-2009-3873.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a \"quantization problem,\" aka Bug Id 6862968." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/javase/6/webnotes/6u17.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u17.html" - }, - { - "name" : "http://support.apple.com/kb/HT3969", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3969" - }, - { - "name" : "http://support.apple.com/kb/HT3970", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3970" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "APPLE-SA-2009-12-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-12-03-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMU02703", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131593453929393&w=2" - }, - { - "name" : "SSRT100242", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131593453929393&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02503", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126566824131534&w=2" - }, - { - "name" : "SSRT100019", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126566824131534&w=2" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "RHSA-2009:1694", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1694.html" - }, - { - "name" : "270474", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1" - }, - { - "name" : "SUSE-SA:2009:058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" - }, - { - "name" : "36881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36881" - }, - { - "name" : "oval:org.mitre.oval:def:6970", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6970" - }, - { - "name" : "oval:org.mitre.oval:def:8396", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8396" - }, - { - "name" : "oval:org.mitre.oval:def:9602", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9602" - }, - { - "name" : "oval:org.mitre.oval:def:11746", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11746" - }, - { - "name" : "1023132", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023132" - }, - { - "name" : "37231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37231" - }, - { - "name" : "37239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37239" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37581" - }, - { - "name" : "37841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37841" - }, - { - "name" : "ADV-2009-3131", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a \"quantization problem,\" aka Bug Id 6862968." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02503", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126566824131534&w=2" + }, + { + "name": "36881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36881" + }, + { + "name": "http://support.apple.com/kb/HT3970", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3970" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "http://support.apple.com/kb/HT3969", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3969" + }, + { + "name": "oval:org.mitre.oval:def:9602", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9602" + }, + { + "name": "HPSBMU02703", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131593453929393&w=2" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "RHSA-2009:1694", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html" + }, + { + "name": "APPLE-SA-2009-12-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:8396", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8396" + }, + { + "name": "37231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37231" + }, + { + "name": "SSRT100019", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126566824131534&w=2" + }, + { + "name": "1023132", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023132" + }, + { + "name": "SSRT100242", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131593453929393&w=2" + }, + { + "name": "SUSE-SA:2009:058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" + }, + { + "name": "270474", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1" + }, + { + "name": "ADV-2009-3131", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3131" + }, + { + "name": "APPLE-SA-2009-12-03-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:6970", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6970" + }, + { + "name": "37581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37581" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u17.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u17.html" + }, + { + "name": "37841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37841" + }, + { + "name": "oval:org.mitre.oval:def:11746", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11746" + }, + { + "name": "37239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37239" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4533.json b/2009/4xxx/CVE-2009-4533.json index 0a1b8a8f837..8708eb2100a 100644 --- a/2009/4xxx/CVE-2009-4533.json +++ b/2009/4xxx/CVE-2009-4533.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/604920", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604920" - }, - { - "name" : "http://drupal.org/node/604922", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604922" - }, - { - "name" : "http://drupal.org/node/604942", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/604942" - }, - { - "name" : "36708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36708" - }, - { - "name" : "58946", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58946" - }, - { - "name" : "37021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37021" - }, - { - "name" : "ADV-2009-2923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2923" - }, - { - "name" : "drupal-webform-cache-info-disclosure(53797)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36708" + }, + { + "name": "37021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37021" + }, + { + "name": "ADV-2009-2923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2923" + }, + { + "name": "http://drupal.org/node/604920", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604920" + }, + { + "name": "http://drupal.org/node/604942", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604942" + }, + { + "name": "http://drupal.org/node/604922", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/604922" + }, + { + "name": "58946", + "refsource": "OSVDB", + "url": "http://osvdb.org/58946" + }, + { + "name": "drupal-webform-cache-info-disclosure(53797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4900.json b/2009/4xxx/CVE-2009-4900.json index ec7dfe965bb..329ef529db0 100644 --- a/2009/4xxx/CVE-2009-4900.json +++ b/2009/4xxx/CVE-2009-4900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2814.json b/2012/2xxx/CVE-2012-2814.json index 7713d4c0781..d82645d4be0 100644 --- a/2012/2xxx/CVE-2012-2814.json +++ b/2012/2xxx/CVE-2012-2814.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-2559", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2559" - }, - { - "name" : "RHSA-2012:1255", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1255.html" - }, - { - "name" : "SUSE-SU-2012:0902", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0903", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" - }, - { - "name" : "USN-1513-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1513-1" - }, - { - "name" : "54437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54437" - }, - { - "name" : "49988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54437" + }, + { + "name": "DSA-2559", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2559" + }, + { + "name": "SUSE-SU-2012:0903", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" + }, + { + "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" + }, + { + "name": "49988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49988" + }, + { + "name": "RHSA-2012:1255", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "USN-1513-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1513-1" + }, + { + "name": "SUSE-SU-2012:0902", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0241.json b/2015/0xxx/CVE-2015-0241.json index c519e6e534b..f044db482b3 100644 --- a/2015/0xxx/CVE-2015-0241.json +++ b/2015/0xxx/CVE-2015-0241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0246.json b/2015/0xxx/CVE-2015-0246.json index 73f881dbb28..9fdd6339f67 100644 --- a/2015/0xxx/CVE-2015-0246.json +++ b/2015/0xxx/CVE-2015-0246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0246", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1493. Reason: This candidate is a reservation duplicate of CVE-2015-1493. Notes: All CVE users should reference CVE-2015-1493 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0246", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1493. Reason: This candidate is a reservation duplicate of CVE-2015-1493. Notes: All CVE users should reference CVE-2015-1493 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0269.json b/2015/0xxx/CVE-2015-0269.json index a63fc0df0f6..b0146e9f944 100644 --- a/2015/0xxx/CVE-2015-0269.json +++ b/2015/0xxx/CVE-2015-0269.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://contao.org/en/news/contao-3_2_19.html", - "refsource" : "CONFIRM", - "url" : "https://contao.org/en/news/contao-3_2_19.html" - }, - { - "name" : "https://contao.org/en/news/contao-3_4_4.html", - "refsource" : "CONFIRM", - "url" : "https://contao.org/en/news/contao-3_4_4.html" - }, - { - "name" : "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html", - "refsource" : "CONFIRM", - "url" : "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://contao.org/en/news/contao-3_2_19.html", + "refsource": "CONFIRM", + "url": "https://contao.org/en/news/contao-3_2_19.html" + }, + { + "name": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html", + "refsource": "CONFIRM", + "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html" + }, + { + "name": "https://contao.org/en/news/contao-3_4_4.html", + "refsource": "CONFIRM", + "url": "https://contao.org/en/news/contao-3_4_4.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0432.json b/2015/0xxx/CVE-2015-0432.json index a79f25e83ff..a5149cb820a 100644 --- a/2015/0xxx/CVE-2015-0432.json +++ b/2015/0xxx/CVE-2015-0432.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3135", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3135" - }, - { - "name" : "FEDORA-2015-1162", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html" - }, - { - "name" : "GLSA-201504-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-05" - }, - { - "name" : "RHSA-2015:0116", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0116.html" - }, - { - "name" : "RHSA-2015:0117", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0117.html" - }, - { - "name" : "RHSA-2015:0118", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0118.html" - }, - { - "name" : "RHSA-2015:1628", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1628.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "USN-2480-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2480-1" - }, - { - "name" : "72217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72217" - }, - { - "name" : "1031581", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031581" - }, - { - "name" : "62728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62728" - }, - { - "name" : "62730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62730" - }, - { - "name" : "62732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62732" - }, - { - "name" : "oracle-cpujan2015-cve20150432(100187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0118", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0118.html" + }, + { + "name": "DSA-3135", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3135" + }, + { + "name": "RHSA-2015:0116", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0116.html" + }, + { + "name": "USN-2480-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2480-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "RHSA-2015:1628", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html" + }, + { + "name": "62732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62732" + }, + { + "name": "RHSA-2015:0117", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0117.html" + }, + { + "name": "oracle-cpujan2015-cve20150432(100187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100187" + }, + { + "name": "1031581", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031581" + }, + { + "name": "GLSA-201504-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-05" + }, + { + "name": "62728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62728" + }, + { + "name": "FEDORA-2015-1162", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html" + }, + { + "name": "62730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62730" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "72217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72217" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1001.json b/2015/1xxx/CVE-2015-1001.json index 64d3029217a..1a05333609b 100644 --- a/2015/1xxx/CVE-2015-1001.json +++ b/2015/1xxx/CVE-2015-1001.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-1001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1207.json b/2015/1xxx/CVE-2015-1207.json index 7432acc056d..d96ccc7d375 100644 --- a/2015/1xxx/CVE-2015-1207.json +++ b/2015/1xxx/CVE-2015-1207.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html" - }, - { - "name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=444539", - "refsource" : "CONFIRM", - "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=444539" - }, - { - "name" : "https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9", - "refsource" : "CONFIRM", - "url" : "https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=444539", + "refsource": "CONFIRM", + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=444539" + }, + { + "name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html" + }, + { + "name": "https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9", + "refsource": "CONFIRM", + "url": "https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1622.json b/2015/1xxx/CVE-2015-1622.json index 7cba2c4ab25..d5b4da3b4a7 100644 --- a/2015/1xxx/CVE-2015-1622.json +++ b/2015/1xxx/CVE-2015-1622.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" - }, - { - "name" : "72927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72927" - }, - { - "name" : "1031888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018" + }, + { + "name": "1031888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031888" + }, + { + "name": "72927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72927" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4838.json b/2015/4xxx/CVE-2015-4838.json index a6e0cee0df0..5451d4dc36d 100644 --- a/2015/4xxx/CVE-2015-4838.json +++ b/2015/4xxx/CVE-2015-4838.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033898" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5327.json b/2015/5xxx/CVE-2015-5327.json index 82ec11ae23c..59a1e17abd6 100644 --- a/2015/5xxx/CVE-2015-5327.json +++ b/2015/5xxx/CVE-2015-5327.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151127 CVE-2015-5327 kernel: User triggerable out-of-bounds read", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/27/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1278978", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1278978" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20151127 CVE-2015-5327 kernel: User triggerable out-of-bounds read", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/27/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1278978", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278978" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3052.json b/2018/3xxx/CVE-2018-3052.json index df0718de0c5..39c5c0e6524 100644 --- a/2018/3xxx/CVE-2018-3052.json +++ b/2018/3xxx/CVE-2018-3052.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MICROS Relate CRM Software", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "10.8.x" - }, - { - "version_affected" : "=", - "version_value" : "11.4.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software. While the vulnerability is in MICROS Relate CRM Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Relate CRM Software accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Relate CRM Software. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software. While the vulnerability is in MICROS Relate CRM Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Relate CRM Software accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Relate CRM Software." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MICROS Relate CRM Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.8.x" + }, + { + "version_affected": "=", + "version_value": "11.4.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software. While the vulnerability is in MICROS Relate CRM Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Relate CRM Software accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Relate CRM Software. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS Relate CRM Software. While the vulnerability is in MICROS Relate CRM Software, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MICROS Relate CRM Software accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MICROS Relate CRM Software." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104825" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3973.json b/2018/3xxx/CVE-2018-3973.json index 7d67d15ead2..5ce98fd98ca 100644 --- a/2018/3xxx/CVE-2018-3973.json +++ b/2018/3xxx/CVE-2018-3973.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2019-01-30T00:00:00", - "ID" : "CVE-2018-3973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ACD Systems", - "version" : { - "version_data" : [ - { - "version_value" : "ACDSystems Canvas Draw 5.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds write code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2019-01-30T00:00:00", + "ID": "CVE-2018-3973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ACD Systems", + "version": { + "version_data": [ + { + "version_value": "ACDSystems Canvas Draw 5.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0638", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0638" - }, - { - "name" : "106809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0638", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0638" + }, + { + "name": "106809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106809" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6089.json b/2018/6xxx/CVE-2018-6089.json index 803541a7441..684952c95a8 100644 --- a/2018/6xxx/CVE-2018-6089.json +++ b/2018/6xxx/CVE-2018-6089.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/808838", - "refsource" : "MISC", - "url" : "https://crbug.com/808838" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/808838", + "refsource": "MISC", + "url": "https://crbug.com/808838" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6547.json b/2018/6xxx/CVE-2018-6547.json index 4102ff96d0e..1e40096ec03 100644 --- a/2018/6xxx/CVE-2018-6547.json +++ b/2018/6xxx/CVE-2018-6547.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.securifera.com/advisories/CVE-2018-6547/", - "refsource" : "MISC", - "url" : "https://www.securifera.com/advisories/CVE-2018-6547/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.securifera.com/advisories/CVE-2018-6547/", + "refsource": "MISC", + "url": "https://www.securifera.com/advisories/CVE-2018-6547/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6717.json b/2018/6xxx/CVE-2018-6717.json index 703a1c58adc..d9b727e5663 100644 --- a/2018/6xxx/CVE-2018-6717.json +++ b/2018/6xxx/CVE-2018-6717.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6717", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6717", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7905.json b/2018/7xxx/CVE-2018-7905.json index 5f872830189..9420d1750c2 100644 --- a/2018/7xxx/CVE-2018-7905.json +++ b/2018/7xxx/CVE-2018-7905.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7905", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7905", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7949.json b/2018/7xxx/CVE-2018-7949.json index bbbde936a85..20e7acf9608 100644 --- a/2018/7xxx/CVE-2018-7949.json +++ b/2018/7xxx/CVE-2018-7949.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3", - "version" : { - "version_data" : [ - { - "version_value" : "1288H V5 V100R005C00" - }, - { - "version_value" : "2288H V5 V100R005C00" - }, - { - "version_value" : "2488 V5 V100R005C00" - }, - { - "version_value" : "CH121 V3 V100R001C00" - }, - { - "version_value" : "CH121L V3 V100R001C00" - }, - { - "version_value" : "CH121L V5 V100R001C00" - }, - { - "version_value" : "CH121 V5 V100R001C00" - }, - { - "version_value" : "CH140 V3 V100R001C00" - }, - { - "version_value" : "CH140L V3 V100R001C00" - }, - { - "version_value" : "CH220 V3 V100R001C00" - }, - { - "version_value" : "CH222 V3 V100R001C00" - }, - { - "version_value" : "CH242 V3 V100R001C00" - }, - { - "version_value" : "CH242 V5 V100R001C00" - }, - { - "version_value" : "RH1288 V3 V100R003C00" - }, - { - "version_value" : "RH2288 V3 V100R003C00" - }, - { - "version_value" : "RH2288H V3 V100R003C00" - }, - { - "version_value" : "XH310 V3 V100R003C00" - }, - { - "version_value" : "XH321 V3 V100R003C00" - }, - { - "version_value" : "XH321 V5 V100R005C00" - }, - { - "version_value" : "XH620 V3 V100R003C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "1288H V5; 2288H V5; 2488 V5 ; CH121 V3; CH121L V3; CH121L V5 ; CH121 V5 ; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5 ; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3", + "version": { + "version_data": [ + { + "version_value": "1288H V5 V100R005C00" + }, + { + "version_value": "2288H V5 V100R005C00" + }, + { + "version_value": "2488 V5 V100R005C00" + }, + { + "version_value": "CH121 V3 V100R001C00" + }, + { + "version_value": "CH121L V3 V100R001C00" + }, + { + "version_value": "CH121L V5 V100R001C00" + }, + { + "version_value": "CH121 V5 V100R001C00" + }, + { + "version_value": "CH140 V3 V100R001C00" + }, + { + "version_value": "CH140L V3 V100R001C00" + }, + { + "version_value": "CH220 V3 V100R001C00" + }, + { + "version_value": "CH222 V3 V100R001C00" + }, + { + "version_value": "CH242 V3 V100R001C00" + }, + { + "version_value": "CH242 V5 V100R001C00" + }, + { + "version_value": "RH1288 V3 V100R003C00" + }, + { + "version_value": "RH2288 V3 V100R003C00" + }, + { + "version_value": "RH2288H V3 V100R003C00" + }, + { + "version_value": "XH310 V3 V100R003C00" + }, + { + "version_value": "XH321 V3 V100R003C00" + }, + { + "version_value": "XH321 V5 V100R005C00" + }, + { + "version_value": "XH620 V3 V100R003C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-03-server-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8005.json b/2018/8xxx/CVE-2018-8005.json index 50371d885c5..8dce0002fb7 100644 --- a/2018/8xxx/CVE-2018-8005.json +++ b/2018/8xxx/CVE-2018-8005.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-08-28T00:00:00", - "ID" : "CVE-2018-8005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Traffic Server", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.0 to 6.2.2" - }, - { - "version_value" : "7.0.0 to 7.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-08-28T00:00:00", + "ID": "CVE-2018-8005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "6.0.0 to 6.2.2" + }, + { + "version_value": "7.0.0 to 7.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with multi-range requests - CVE-2018-8005", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca@%3Cusers.trafficserver.apache.org%3E" - }, - { - "name" : "https://github.com/apache/trafficserver/pull/3106", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/trafficserver/pull/3106" - }, - { - "name" : "https://github.com/apache/trafficserver/pull/3124", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/trafficserver/pull/3124" - }, - { - "name" : "DSA-4282", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4282" - }, - { - "name" : "105187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with multi-range requests - CVE-2018-8005", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca@%3Cusers.trafficserver.apache.org%3E" + }, + { + "name": "DSA-4282", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4282" + }, + { + "name": "105187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105187" + }, + { + "name": "https://github.com/apache/trafficserver/pull/3106", + "refsource": "CONFIRM", + "url": "https://github.com/apache/trafficserver/pull/3106" + }, + { + "name": "https://github.com/apache/trafficserver/pull/3124", + "refsource": "CONFIRM", + "url": "https://github.com/apache/trafficserver/pull/3124" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8291.json b/2018/8xxx/CVE-2018-8291.json index 4747caf5a54..6639ed44009 100644 --- a/2018/8xxx/CVE-2018-8291.json +++ b/2018/8xxx/CVE-2018-8291.json @@ -1,183 +1,183 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45215", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45215/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291" - }, - { - "name" : "104637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104637" - }, - { - "name" : "1041256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041256" - }, - { - "name" : "1041258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104637" + }, + { + "name": "1041256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041256" + }, + { + "name": "1041258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041258" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291" + }, + { + "name": "45215", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45215/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8653.json b/2018/8xxx/CVE-2018-8653.json index 9480b689366..9c597456dfb 100644 --- a/2018/8xxx/CVE-2018-8653.json +++ b/2018/8xxx/CVE-2018-8653.json @@ -1,159 +1,159 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 9", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653" - }, - { - "name" : "106255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653" + }, + { + "name": "106255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106255" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8769.json b/2018/8xxx/CVE-2018-8769.json index b0378947b51..900cedd6a35 100644 --- a/2018/8xxx/CVE-2018-8769.json +++ b/2018/8xxx/CVE-2018-8769.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22976", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22976", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22976" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8996.json b/2018/8xxx/CVE-2018-8996.json index 5f54412525c..490e9b8ee94 100644 --- a/2018/8xxx/CVE-2018-8996.json +++ b/2018/8xxx/CVE-2018-8996.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002007", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002007", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002007" + } + ] + } +} \ No newline at end of file