From e56c8d0de70ab185648fca2ea049cddffe238c41 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 05:45:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1328.json | 150 +++++++++--------- 1999/1xxx/CVE-1999-1409.json | 160 +++++++++---------- 2000/1xxx/CVE-2000-1084.json | 140 ++++++++-------- 2005/2xxx/CVE-2005-2075.json | 140 ++++++++-------- 2005/2xxx/CVE-2005-2155.json | 120 +++++++------- 2005/2xxx/CVE-2005-2380.json | 130 +++++++-------- 2005/2xxx/CVE-2005-2475.json | 300 +++++++++++++++++------------------ 2005/2xxx/CVE-2005-2550.json | 240 ++++++++++++++-------------- 2005/2xxx/CVE-2005-2671.json | 34 ++-- 2005/3xxx/CVE-2005-3126.json | 170 ++++++++++---------- 2005/3xxx/CVE-2005-3484.json | 160 +++++++++---------- 2005/4xxx/CVE-2005-4053.json | 190 +++++++++++----------- 2005/4xxx/CVE-2005-4202.json | 160 +++++++++---------- 2005/4xxx/CVE-2005-4583.json | 170 ++++++++++---------- 2009/2xxx/CVE-2009-2025.json | 140 ++++++++-------- 2009/2xxx/CVE-2009-2596.json | 150 +++++++++--------- 2009/2xxx/CVE-2009-2600.json | 130 +++++++-------- 2009/2xxx/CVE-2009-2842.json | 200 +++++++++++------------ 2009/3xxx/CVE-2009-3475.json | 170 ++++++++++---------- 2009/3xxx/CVE-2009-3596.json | 130 +++++++-------- 2009/3xxx/CVE-2009-3688.json | 34 ++-- 2009/3xxx/CVE-2009-3777.json | 34 ++-- 2009/3xxx/CVE-2009-3968.json | 130 +++++++-------- 2009/4xxx/CVE-2009-4403.json | 160 +++++++++---------- 2009/4xxx/CVE-2009-4567.json | 150 +++++++++--------- 2015/0xxx/CVE-2015-0215.json | 140 ++++++++-------- 2015/0xxx/CVE-2015-0373.json | 150 +++++++++--------- 2015/0xxx/CVE-2015-0539.json | 34 ++-- 2015/0xxx/CVE-2015-0694.json | 130 +++++++-------- 2015/0xxx/CVE-2015-0966.json | 34 ++-- 2015/1xxx/CVE-2015-1285.json | 200 +++++++++++------------ 2015/1xxx/CVE-2015-1297.json | 200 +++++++++++------------ 2015/1xxx/CVE-2015-1465.json | 250 ++++++++++++++--------------- 2015/1xxx/CVE-2015-1479.json | 160 +++++++++---------- 2015/1xxx/CVE-2015-1570.json | 130 +++++++-------- 2015/4xxx/CVE-2015-4039.json | 34 ++-- 
2015/4xxx/CVE-2015-4504.json | 220 ++++++++++++------------- 2015/4xxx/CVE-2015-4888.json | 130 +++++++-------- 2015/4xxx/CVE-2015-4960.json | 120 +++++++------- 2015/9xxx/CVE-2015-9091.json | 34 ++-- 2018/2xxx/CVE-2018-2248.json | 34 ++-- 2018/2xxx/CVE-2018-2277.json | 34 ++-- 2018/2xxx/CVE-2018-2283.json | 34 ++-- 2018/3xxx/CVE-2018-3687.json | 120 +++++++------- 2018/3xxx/CVE-2018-3825.json | 130 +++++++-------- 2018/6xxx/CVE-2018-6164.json | 172 ++++++++++---------- 2018/6xxx/CVE-2018-6281.json | 34 ++-- 2018/6xxx/CVE-2018-6367.json | 130 +++++++-------- 2018/6xxx/CVE-2018-6984.json | 34 ++-- 2018/7xxx/CVE-2018-7025.json | 34 ++-- 2018/7xxx/CVE-2018-7184.json | 200 +++++++++++------------ 2018/7xxx/CVE-2018-7191.json | 34 ++-- 2018/7xxx/CVE-2018-7342.json | 34 ++-- 2018/7xxx/CVE-2018-7928.json | 120 +++++++------- 2019/5xxx/CVE-2019-5281.json | 34 ++-- 2019/5xxx/CVE-2019-5376.json | 34 ++-- 2019/5xxx/CVE-2019-5691.json | 34 ++-- 57 files changed, 3452 insertions(+), 3452 deletions(-) diff --git a/1999/1xxx/CVE-1999-1328.json b/1999/1xxx/CVE-1999-1328.json index 3b777d50466..2f59fa8cdb1 100644 --- a/1999/1xxx/CVE-1999-1328.json +++ b/1999/1xxx/CVE-1999-1328.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980823 Security concerns in linuxconf shipped w/RedHat 5.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90383955231511&w=2" - }, - { - "name" : "http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf", - "refsource" : "CONFIRM", - "url" : "http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf" - }, - { - "name" : "linuxconf-symlink-gain-privileges(7232)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7232.php" - }, - { - "name" : "6068", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "linuxconf before 
1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf", + "refsource": "CONFIRM", + "url": "http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf" + }, + { + "name": "19980823 Security concerns in linuxconf shipped w/RedHat 5.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90383955231511&w=2" + }, + { + "name": "6068", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6068" + }, + { + "name": "linuxconf-symlink-gain-privileges(7232)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7232.php" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1409.json b/1999/1xxx/CVE-1999-1409.json index 59f2ba2b375..c12888298e7 100644 --- a/1999/1xxx/CVE-1999-1409.json +++ b/1999/1xxx/CVE-1999-1409.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19980703 more about 'at'", - "refsource" : "BUGTRAQ", - "url" : "http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html" - }, - { - "name" : "19980805 irix-6.2 \"at -f\" vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=90233906612929&w=2" - }, - { - "name" : "NetBSD-SA1998-004", - "refsource" : "NETBSD", - "url" : "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc" - }, - { - "name" : "331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/331" - }, - { - "name" : "at-f-read-files(7577)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7577.php" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/331" + }, + { + "name": "19980703 more about 'at'", + "refsource": "BUGTRAQ", + "url": "http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html" + }, + { + "name": "NetBSD-SA1998-004", + "refsource": "NETBSD", + "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc" + }, + { + "name": "at-f-read-files(7577)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7577.php" + }, + { + "name": "19980805 irix-6.2 \"at -f\" vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=90233906612929&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1084.json b/2000/1xxx/CVE-2000-1084.json index 429796b5116..e3c1a96631b 100644 --- a/2000/1xxx/CVE-2000-1084.json +++ b/2000/1xxx/CVE-2000-1084.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001201 Microsoft SQL Server extended stored procedure vulnerability", - "refsource" : "ATSTAKE", - "url" : "http://marc.info/?l=bugtraq&m=97570878710037&w=2" - }, - { - "name" : "MS00-092", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092" - }, - { - "name" : "2039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001201 Microsoft SQL Server extended stored procedure vulnerability", + "refsource": "ATSTAKE", + "url": "http://marc.info/?l=bugtraq&m=97570878710037&w=2" + }, + { + "name": "MS00-092", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092" + }, + { + "name": "2039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2039" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2075.json b/2005/2xxx/CVE-2005-2075.json index e5393a17bfd..aa00363406a 100644 --- a/2005/2xxx/CVE-2005-2075.json +++ b/2005/2xxx/CVE-2005-2075.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dark-assassins.com/forum/viewtopic.php?t=142", - "refsource" : "MISC", - "url" : "http://dark-assassins.com/forum/viewtopic.php?t=142" - }, - { - "name" : "ADV-2005-0888", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0888" - }, - { - "name" : "15830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Fusion 5.0 and 6.0 stores the 
database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15830" + }, + { + "name": "ADV-2005-0888", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0888" + }, + { + "name": "http://dark-assassins.com/forum/viewtopic.php?t=142", + "refsource": "MISC", + "url": "http://dark-assassins.com/forum/viewtopic.php?t=142" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2155.json b/2005/2xxx/CVE-2005-2155.json index 3c6dd7cb422..04c73722d6b 100644 --- a/2005/2xxx/CVE-2005-2155.json +++ b/2005/2xxx/CVE-2005-2155.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15893" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/2xxx/CVE-2005-2380.json b/2005/2xxx/CVE-2005-2380.json index 4eceeffa4d7..9f76c0c37a3 100644 --- a/2005/2xxx/CVE-2005-2380.json +++ b/2005/2xxx/CVE-2005-2380.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050720 Multiple Vulnerabilities in PHP Surveyor", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112188282401681&w=2" - }, - { - "name" : "16123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16123" + }, + { + "name": "20050720 Multiple Vulnerabilities in PHP Surveyor", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112188282401681&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2475.json b/2005/2xxx/CVE-2005-2475.json index 90adf40e10f..9a9a761e9f1 100644 --- a/2005/2xxx/CVE-2005-2475.json +++ b/2005/2xxx/CVE-2005-2475.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050801 unzip TOCTOU file-permissions vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112300046224117&w=2" - }, - { - "name" : "http://www.info-zip.org/FAQ.html", - "refsource" : "CONFIRM", - "url" : "http://www.info-zip.org/FAQ.html" - }, - { - "name" : "DSA-903", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-903" - }, - { - "name" : "MDKSA-2005:197", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:197" - }, - { - "name" : "RHSA-2007:0203", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0203.html" - }, - { - "name" : "SCOSA-2005.39", 
- "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt" - }, - { - "name" : "2005-0053", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0053/" - }, - { - "name" : "USN-191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-191-1" - }, - { - "name" : "14450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14450" - }, - { - "name" : "18530", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18530" - }, - { - "name" : "oval:org.mitre.oval:def:9975", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975" - }, - { - "name" : "16309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16309" - }, - { - "name" : "17653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17653" - }, - { - "name" : "17045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17045" - }, - { - "name" : "17342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17342" - }, - { - "name" : "16985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16985" - }, - { - "name" : "17006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17006" - }, - { - "name" : "25098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25098" - }, - { - "name" : "32", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25098" + }, + { + "name": "17653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17653" + }, + { + "name": "http://www.info-zip.org/FAQ.html", + "refsource": "CONFIRM", + "url": "http://www.info-zip.org/FAQ.html" + }, + { + "name": "2005-0053", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0053/" + }, + { + "name": "USN-191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-191-1" + }, + { + "name": "18530", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18530" + }, + { + "name": "14450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14450" + }, + { + "name": "17342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17342" + }, + { + "name": "16985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16985" + }, + { + "name": "SCOSA-2005.39", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt" + }, + { + "name": "20050801 unzip TOCTOU file-permissions vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112300046224117&w=2" + }, + { + "name": "32", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/32" + }, + { + "name": "DSA-903", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-903" + }, + { + "name": "RHSA-2007:0203", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html" + }, + { + "name": "17045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17045" + }, + { + "name": "17006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17006" + }, + { + "name": "16309", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/16309" + }, + { + "name": "oval:org.mitre.oval:def:9975", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975" + }, + { + "name": "MDKSA-2005:197", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:197" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2550.json b/2005/2xxx/CVE-2005-2550.json index 56fbb4d7b54..557a0b77605 100644 --- a/2005/2xxx/CVE-2005-2550.json +++ b/2005/2xxx/CVE-2005-2550.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050810 Evolution multiple remote format string bugs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/407789" - }, - { - "name" : "20050810 Evolution multiple remote format string bugs", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=112368237712032&w=2" - }, - { - "name" : "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html", - "refsource" : "MISC", - "url" : "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html" - }, - { - "name" : "DSA-1016", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1016" - }, - { - "name" 
: "FEDORA-2005-743", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html" - }, - { - "name" : "MDKSA-2005:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:141" - }, - { - "name" : "RHSA-2005:267", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-267.html" - }, - { - "name" : "SUSE-SA:2005:054", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_54_evolution.html" - }, - { - "name" : "USN-166-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/166-1/" - }, - { - "name" : "14532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14532" - }, - { - "name" : "oval:org.mitre.oval:def:10880", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10880" - }, - { - "name" : "16394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16394" - }, - { - "name" : "19380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2005:054", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_54_evolution.html" + }, + { + "name": "14532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14532" + }, + { + "name": "RHSA-2005:267", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-267.html" + }, + { + "name": "19380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19380" + }, + { + "name": "DSA-1016", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1016" + }, + { + "name": "FEDORA-2005-743", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html" + }, + { + "name": "MDKSA-2005:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:141" + }, + { + "name": "16394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16394" + }, + { + "name": "oval:org.mitre.oval:def:10880", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10880" + }, + { + "name": "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html", + "refsource": "MISC", + "url": "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html" + }, + { + "name": "20050810 Evolution multiple remote format string bugs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/407789" + }, + { + "name": "20050810 Evolution multiple remote format string bugs", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=112368237712032&w=2" + }, + { + "name": "USN-166-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/166-1/" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/2xxx/CVE-2005-2671.json b/2005/2xxx/CVE-2005-2671.json index d35a0714477..697b0510324 100644 --- a/2005/2xxx/CVE-2005-2671.json +++ b/2005/2xxx/CVE-2005-2671.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2671", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2041. Reason: This candidate is a duplicate of CVE-2005-2041. Notes: All CVE users should reference CVE-2005-2041 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-2671", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2041. Reason: This candidate is a duplicate of CVE-2005-2041. Notes: All CVE users should reference CVE-2005-2041 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3126.json b/2005/3xxx/CVE-2005-3126.json index 1e5e4a36940..0366a97aadf 100644 --- a/2005/3xxx/CVE-2005-3126.json +++ b/2005/3xxx/CVE-2005-3126.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-945", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-945" - }, - { - "name" : "16278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16278" - }, - { - "name" : "ADV-2006-0242", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0242" - }, - { - "name" : "15866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15866" - }, - { - "name" : "18530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18530" - }, - { - "name" : "antiword-tmp-file-symlink(24194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24194" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15866" + }, + { + "name": "ADV-2006-0242", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0242" + }, + { + "name": "16278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16278" + }, + { + "name": "antiword-tmp-file-symlink(24194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24194" + }, + { + "name": "18530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18530" + }, + { + "name": "DSA-945", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-945" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3484.json b/2005/3xxx/CVE-2005-3484.json index 2a69eb4a934..1291e297d57 100644 --- a/2005/3xxx/CVE-2005-3484.json +++ b/2005/3xxx/CVE-2005-3484.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via \"..\" and hex-encoded (1) slash \"/\" (\"%2f\") or (2) backslash \"\\\" (\"%5c\") sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051102 Limited directory traversal in NeroNET 1.2.0.2", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113096009930152&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/neronet-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/neronet-adv.txt" - }, - { - "name" : "15288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15288" - }, - { - "name" : "ADV-2005-2287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2287" - }, - { - "name" : "17421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17421" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via \"..\" and hex-encoded (1) slash \"/\" (\"%2f\") or (2) backslash \"\\\" (\"%5c\") sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051102 Limited directory traversal in NeroNET 1.2.0.2", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113096009930152&w=2" + }, + { + "name": "15288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15288" + }, + { + "name": "17421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17421" + }, + { + "name": "http://aluigi.altervista.org/adv/neronet-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/neronet-adv.txt" + }, + { + "name": "ADV-2005-2287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2287" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4053.json b/2005/4xxx/CVE-2005-4053.json index eb7bf43b8ea..d5befc81635 100644 --- a/2005/4xxx/CVE-2005-4053.json +++ b/2005/4xxx/CVE-2005-4053.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070821 Vulnerabilities digest", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477253/100/0/threaded" - }, - { - "name" : "http://securityvulns.ru/Rdocument692.html", - "refsource" : "MISC", - "url" : "http://securityvulns.ru/Rdocument692.html" - }, - { - "name" : "http://websecurity.com.ua/1131/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/1131/" - }, - { - "name" : "http://cowiki.tigris.org/issues/show_bug.cgi?id=234", - "refsource" : "CONFIRM", - "url" : "http://cowiki.tigris.org/issues/show_bug.cgi?id=234" - }, - { - "name" : "25393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25393" - }, - { - "name" : "ADV-2005-2765", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/2765" - }, - { - "name" : "http://pridels0.blogspot.com/2005/12/cowiki-034-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/cowiki-034-xss-vuln.html" - }, - { - "name" : "17913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25393" + }, + { + "name": "17913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17913" + }, + { + "name": "http://cowiki.tigris.org/issues/show_bug.cgi?id=234", + "refsource": "CONFIRM", + "url": "http://cowiki.tigris.org/issues/show_bug.cgi?id=234" + }, + { + "name": "ADV-2005-2765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2765" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/cowiki-034-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/cowiki-034-xss-vuln.html" + }, + { + "name": "20070821 Vulnerabilities digest", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477253/100/0/threaded" + }, + { + "name": "http://websecurity.com.ua/1131/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/1131/" + }, + { + "name": "http://securityvulns.ru/Rdocument692.html", + "refsource": "MISC", + "url": "http://securityvulns.ru/Rdocument692.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/4xxx/CVE-2005-4202.json b/2005/4xxx/CVE-2005-4202.json index a8460caa678..ef4a45d6b10 100644 --- a/2005/4xxx/CVE-2005-4202.json +++ b/2005/4xxx/CVE-2005-4202.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) \"...\" (triple dot), and (3) \"..//\" sequences in the URL, (4) \"../\" sequences in the source parameter to viewsource.jsp, or (5) \"..\\\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipomonis.com/advisories/logisphere_server.zip", - "refsource" : "MISC", - "url" : "http://www.ipomonis.com/advisories/logisphere_server.zip" - }, - { - "name" : "15807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15807" - }, - { - "name" : "ADV-2005-2840", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2840" - }, - { - "name" : "17989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17989" - }, - { - "name" : "logisphere-dotdot-directory-traversal(23552)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) \"...\" (triple dot), and (3) \"..//\" sequences in the URL, (4) \"../\" sequences in the source parameter to viewsource.jsp, or (5) \"..\\\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "logisphere-dotdot-directory-traversal(23552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23552" + }, + { + "name": "15807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15807" + }, + { + "name": "ADV-2005-2840", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2840" + }, + { + "name": "17989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17989" + }, + { + "name": "http://www.ipomonis.com/advisories/logisphere_server.zip", + "refsource": "MISC", + "url": "http://www.ipomonis.com/advisories/logisphere_server.zip" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4583.json b/2005/4xxx/CVE-2005-4583.json index 881415fa0b0..d78916d588b 100644 --- a/2005/4xxx/CVE-2005-4583.json +++ b/2005/4xxx/CVE-2005-4583.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows \"remote code execution in the Web browser\" via unspecified attack vectors, probably related to cross-site scripting (XSS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001" - }, - { - "name" : "16086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16086" - }, - { - "name" : "ADV-2005-3084", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3084" - }, - { - "name" : "22119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22119" - }, - { - "name" : "1015422", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015422" - }, - { - "name" : "18250", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/18250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows \"remote code execution in the Web browser\" via unspecified attack vectors, probably related to cross-site scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001" + }, + { + "name": "16086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16086" + }, + { + "name": "1015422", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015422" + }, + { + "name": "18250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18250" + }, + { + "name": "ADV-2005-3084", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3084" + }, + { + "name": "22119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22119" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2025.json b/2009/2xxx/CVE-2009-2025.json index f6d79b00ea1..144eca56400 100644 --- a/2009/2xxx/CVE-2009-2025.json +++ b/2009/2xxx/CVE-2009-2025.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8903", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8903" - }, - { - "name" : "35167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35167" - }, - { - "name" : "ADV-2009-1532", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35167" + }, + { + "name": "ADV-2009-1532", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1532" + }, + { + "name": "8903", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8903" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2596.json b/2009/2xxx/CVE-2009-2596.json index 18010a2bb1e..c3b5ef09850 100644 --- a/2009/2xxx/CVE-2009-2596.json +++ b/2009/2xxx/CVE-2009-2596.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-39-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-39-1" - }, - { - "name" : "264428", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264428-1" - }, - { - "name" : "35787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35787" - }, - { - "name" : "35980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35787" + }, + { + "name": "264428", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264428-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-39-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-39-1" + }, + { + "name": "35980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35980" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2600.json b/2009/2xxx/CVE-2009-2600.json index faccdb8bf62..a31d66052bf 100644 --- a/2009/2xxx/CVE-2009-2600.json +++ b/2009/2xxx/CVE-2009-2600.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8823", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8823" - }, - { - "name" : "webboard-view-directory-traversal(50861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8823", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8823" + }, + { + "name": "webboard-view-directory-traversal(50861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50861" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2842.json b/2009/2xxx/CVE-2009-2842.json index 69df720f632..6f69defa387 100644 --- a/2009/2xxx/CVE-2009-2842.json +++ b/2009/2xxx/CVE-2009-2842.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3949", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3949" - }, - { - "name" : "APPLE-SA-2009-11-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" - }, - { - "name" : "36994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36994" - }, - { - "name" : "59942", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59942" - }, - { - "name" : "oval:org.mitre.oval:def:5915", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5915" - }, - { - "name" : "1023164", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1023164" - }, - { - "name" : "37346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37346" - }, - { - "name" : "ADV-2009-3217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3217" - }, - { - "name" : "safari-menu-options-info-disclosure(54238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59942", + "refsource": "OSVDB", + "url": "http://osvdb.org/59942" + }, + { + "name": "APPLE-SA-2009-11-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" + }, + { + "name": "ADV-2009-3217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3217" + }, + { + "name": "http://support.apple.com/kb/HT3949", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3949" + }, + { + "name": "1023164", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023164" + }, + { + "name": "36994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36994" + }, + { + "name": "oval:org.mitre.oval:def:5915", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5915" + }, + { + "name": "safari-menu-options-info-disclosure(54238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54238" + 
}, + { + "name": "37346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37346" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3475.json b/2009/3xxx/CVE-2009-3475.json index 59f13d5e413..0be0846937f 100644 --- a/2009/3xxx/CVE-2009-3475.json +++ b/2009/3xxx/CVE-2009-3475.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt", - "refsource" : "CONFIRM", - "url" : "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt" - }, - { - "name" : "DSA-1895", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1895" - }, - { - "name" : "DSA-1896", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1896" - }, - { - "name" : "36855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36855" - }, - { - "name" : 
"36861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36861" - }, - { - "name" : "36876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36876" + }, + { + "name": "DSA-1896", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1896" + }, + { + "name": "DSA-1895", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1895" + }, + { + "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt", + "refsource": "CONFIRM", + "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt" + }, + { + "name": "36861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36861" + }, + { + "name": "36855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36855" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3596.json b/2009/3xxx/CVE-2009-3596.json index 335d4ac5630..4b7366027c6 100644 --- a/2009/3xxx/CVE-2009-3596.json +++ b/2009/3xxx/CVE-2009-3596.json 
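Review bot: The rewritten file ends at `+}` followed by `\ No newline at end of file`, while the removed side ended with a newline, so the export step should write a final LF after the closing brace. Without it, line-oriented tooling and the next automated sync will report a spurious change on the last line of the record. The same marker follows every other file section visible in this commit, so a single fix in the serializer would cover them all.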
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9182", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9182" - }, - { - "name" : "ajoxpoll-managepoll-auth-bypass(51809)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9182", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9182" + }, + { + "name": "ajoxpoll-managepoll-auth-bypass(51809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51809" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3688.json b/2009/3xxx/CVE-2009-3688.json index d5468868880..f32a393a28a 100644 --- a/2009/3xxx/CVE-2009-3688.json +++ b/2009/3xxx/CVE-2009-3688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3688", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3688", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3777.json b/2009/3xxx/CVE-2009-3777.json index 3c72a618e54..e6632784224 100644 --- a/2009/3xxx/CVE-2009-3777.json +++ b/2009/3xxx/CVE-2009-3777.json 
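Review bot: The new side of the CVE-2009-3688 REJECT record puts `"data_type"`, `"data_format"`, `"data_version"` ahead of `"CVE_data_meta"` and lists `"ID"` before `"ASSIGNER"`. The other records in this commit, such as the CVE-2009-3777 RESERVED record that follows, keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"` inside it. Key order carries no meaning in JSON, but two layouts coming out of one sync suggest two code paths in the generator, and they make byte-level comparison or hashing of records unstable. Emitting every record with sorted keys would remove the difference; the CVE-2015-0539 hunk has the same layout.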
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3777", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3777", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3968.json b/2009/3xxx/CVE-2009-3968.json index f3671bd583c..9f9872e4e59 100644 --- a/2009/3xxx/CVE-2009-3968.json +++ b/2009/3xxx/CVE-2009-3968.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9497", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9497" - }, - { - "name" : "36437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id 
parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9497", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9497" + }, + { + "name": "36437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36437" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4403.json b/2009/4xxx/CVE-2009-4403.json index 8c103772e39..01969b8d9e6 100644 --- a/2009/4xxx/CVE-2009-4403.json +++ b/2009/4xxx/CVE-2009-4403.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091217 Rumba XML XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508536/100/0/threaded" - }, - { - "name" : "10534", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10534" - }, - { - "name" : "61137", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61137" - }, - { - "name" : "37840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37840" - }, - { - "name" : "xml-index-xss(54913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37840" + }, + { + "name": "xml-index-xss(54913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54913" + }, + { + "name": "61137", + "refsource": "OSVDB", + "url": "http://osvdb.org/61137" + }, + { + "name": "10534", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10534" + }, + { + "name": "20091217 Rumba XML XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508536/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4567.json b/2009/4xxx/CVE-2009-4567.json index 42f104692b7..50298cb20c3 100644 --- a/2009/4xxx/CVE-2009-4567.json +++ b/2009/4xxx/CVE-2009-4567.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt" - }, - { - "name" : "10354", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10354" - }, - { - "name" : "37608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37608" - }, - { - "name" : "viscacha-editprofile-xss(54614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10354", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10354" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt" + }, + { + "name": "viscacha-editprofile-xss(54614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54614" + }, + { + "name": "37608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37608" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0215.json b/2015/0xxx/CVE-2015-0215.json index 750004d0708..0e48642d194 100644 --- a/2015/0xxx/CVE-2015-0215.json +++ b/2015/0xxx/CVE-2015-0215.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150119 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/01/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=278615", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=278615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=278615", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=278615" + }, + { + "name": "[oss-security] 20150119 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/01/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0373.json b/2015/0xxx/CVE-2015-0373.json index 3166dc1d9fc..998191b12fb 100644 --- a/2015/0xxx/CVE-2015-0373.json +++ b/2015/0xxx/CVE-2015-0373.json 
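Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, a change of record attribution that sits among separator-spacing and reference-reordering edits and is not mentioned in the commit subject. Consumers that filter or route on the assigning CNA would be better served if the sync reported attribution changes separately from formatting churn, for instance in their own commit or in a line of the commit description. The hunks for CVE-2015-0373 (`secalert_us@oracle.com`), CVE-2015-0694 (`psirt@cisco.com`) and CVE-2015-1285 (`security@google.com`) make the same kind of change.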
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72145" - }, - { - "name" : "1031572", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031572" - }, - { - "name" : "oracle-cpujan2015-cve20150373(100067)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-cpujan2015-cve20150373(100067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100067" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031572", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031572" + }, + { + "name": "72145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72145" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0539.json b/2015/0xxx/CVE-2015-0539.json index dbf601301e5..3ee921cc8db 100644 --- a/2015/0xxx/CVE-2015-0539.json +++ b/2015/0xxx/CVE-2015-0539.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0539", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0539", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0694.json b/2015/0xxx/CVE-2015-0694.json index 27ecdecb704..4757ba69f52 100644 --- a/2015/0xxx/CVE-2015-0694.json +++ b/2015/0xxx/CVE-2015-0694.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292" - }, - { - "name" : "1032059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass 
intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150409 Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38292" + }, + { + "name": "1032059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032059" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0966.json b/2015/0xxx/CVE-2015-0966.json index 4ca024736f6..24fec6f4107 100644 --- a/2015/0xxx/CVE-2015-0966.json +++ b/2015/0xxx/CVE-2015-0966.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0966", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0966", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2015/1xxx/CVE-2015-1285.json b/2015/1xxx/CVE-2015-1285.json index 04cca838fe9..10eb43388b9 100644 --- a/2015/1xxx/CVE-2015-1285.json +++ b/2015/1xxx/CVE-2015-1285.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=498982", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=498982" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=196971&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=196971&view=revision" - }, - { - "name" : "DSA-3315", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=498982", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=498982" + }, + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=196971&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=196971&view=revision" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1297.json b/2015/1xxx/CVE-2015-1297.json index 353ea32d94a..63c988d761a 100644 --- a/2015/1xxx/CVE-2015-1297.json +++ b/2015/1xxx/CVE-2015-1297.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=510802", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=510802" - }, - { - "name" : "https://codereview.chromium.org/1267183003/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1267183003/" - }, - { - "name" : "DSA-3351", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2015/dsa-3351" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1712", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1712.html" - }, - { - "name" : "openSUSE-SU-2015:1873", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" - }, - { - "name" : "1033472", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1873", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" + }, + { + "name": "RHSA-2015:1712", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1712.html" + }, + { + "name": "1033472", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033472" + }, + { + "name": "openSUSE-SU-2015:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" + }, + { + "name": "DSA-3351", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3351" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://codereview.chromium.org/1267183003/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1267183003/" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=510802", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=510802" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1465.json b/2015/1xxx/CVE-2015-1465.json index e5457c4348e..2e376e9ffee 100644 --- a/2015/1xxx/CVE-2015-1465.json +++ b/2015/1xxx/CVE-2015-1465.json 
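Review bot: The one substantive change in this hunk, `"ASSIGNER"` going from `cve@mitre.org` to `security@google.com`, is buried under a rewrite of nearly every line (colon spacing, reordered `reference_data` entries, dropped final newline), and the commit subject "-Synchronized-Data." gives no hint of it. The same holds for the later hunks for CVE-2015-4504 (`security@mozilla.org`), CVE-2015-4888 (`secalert_us@oracle.com`) and CVE-2015-4960 (`psirt@us.ibm.com`). Anyone auditing which CNA a record is attributed to has to read past the formatting noise to find these, so I would split the reformat from the data change or list the reassigned IDs in the commit message. The new side also keeps `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Google Chrome before 45.0.2454.85, so consumers that match on `affects` rather than on the free text will presumably still miss this record.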
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150203 Re: CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/03/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df4d92549f23e1c037e83323aff58a21b3de7fe0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df4d92549f23e1c037e83323aff58a21b3de7fe0" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8", - "refsource" 
: "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183744", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183744" - }, - { - "name" : "https://github.com/torvalds/linux/commit/df4d92549f23e1c037e83323aff58a21b3de7fe0", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/df4d92549f23e1c037e83323aff58a21b3de7fe0" - }, - { - "name" : "openSUSE-SU-2015:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" - }, - { - "name" : "SUSE-SU-2015:1488", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" - }, - { - "name" : "SUSE-SU-2015:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" - }, - { - "name" : "USN-2545-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2545-1" - }, - { - "name" : "USN-2546-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2546-1" - }, - { - "name" : "USN-2562-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2562-1" - }, - { - "name" : "USN-2563-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2563-1" - }, - { - "name" : "72435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72435" - }, - { - "name" : "1036763", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a 
denial of service (memory consumption or system crash) via a flood of packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" + }, + { + "name": "USN-2562-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2562-1" + }, + { + "name": "SUSE-SU-2015:1488", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" + }, + { + "name": "USN-2546-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2546-1" + }, + { + "name": "USN-2563-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2563-1" + }, + { + "name": "openSUSE-SU-2015:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" + }, + { + "name": "1036763", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036763" + }, + { + "name": "[oss-security] 20150203 Re: CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/03/13" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1183744", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183744" + }, + { + "name": "USN-2545-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2545-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/df4d92549f23e1c037e83323aff58a21b3de7fe0", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/df4d92549f23e1c037e83323aff58a21b3de7fe0" + }, + { + "name": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df4d92549f23e1c037e83323aff58a21b3de7fe0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df4d92549f23e1c037e83323aff58a21b3de7fe0" + }, + { + "name": "72435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72435" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1479.json b/2015/1xxx/CVE-2015-1479.json index 5ea6583eeb1..241d4896757 100644 --- a/2015/1xxx/CVE-2015-1479.json +++ b/2015/1xxx/CVE-2015-1479.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35890", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35890" - }, - { - "name" : "http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html" - }, - { - "name" : "http://www.manageengine.com/products/service-desk/readme-9.0.html", - "refsource" : "MISC", - "url" : "http://www.manageengine.com/products/service-desk/readme-9.0.html" - }, - { - "name" : "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability", - "refsource" : "MISC", - "url" : 
"http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability" - }, - { - "name" : "72299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130079/ManageEngine-ServiceDesk-9.0-SQL-Injection.html" + }, + { + "name": "35890", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35890" + }, + { + "name": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability", + "refsource": "MISC", + "url": "http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability" + }, + { + "name": "72299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72299" + }, + { + "name": "http://www.manageengine.com/products/service-desk/readme-9.0.html", + "refsource": "MISC", + "url": "http://www.manageengine.com/products/service-desk/readme-9.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1570.json b/2015/1xxx/CVE-2015-1570.json index 28addad5b49..9d2ae4afc4f 100644 --- a/2015/1xxx/CVE-2015-1570.json +++ b/2015/1xxx/CVE-2015-1570.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150129 Fortinet FortiClient Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/124" - }, - { - "name" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf", - "refsource" : "MISC", - "url" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android 
and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf", + "refsource": "MISC", + "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf" + }, + { + "name": "20150129 Fortinet FortiClient Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/124" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4039.json b/2015/4xxx/CVE-2015-4039.json index 56462763502..6922bb4e56b 100644 --- a/2015/4xxx/CVE-2015-4039.json +++ b/2015/4xxx/CVE-2015-4039.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4039", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4039", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4504.json b/2015/4xxx/CVE-2015-4504.json index e131ef354f6..f8802f72576 100644 --- a/2015/4xxx/CVE-2015-4504.json +++ b/2015/4xxx/CVE-2015-4504.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2015:1658", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" - }, - { - "name" : "openSUSE-SU-2015:1681", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" - }, - { - "name" : "USN-2743-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-4" - }, - { - "name" : "USN-2743-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-1" - }, - { - "name" : "USN-2743-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-2" - }, - { - "name" : "USN-2743-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2743-3" - }, - { - "name" : "76815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76815" - }, - { - "name" : "1033640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-98.html" + }, + { + "name": "openSUSE-SU-2015:1681", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132467" + }, + { + "name": "USN-2743-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-4" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2743-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-3" + }, + { + "name": "76815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76815" + }, + { + "name": "USN-2743-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-2" + }, + { + "name": "1033640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033640" + }, + { + "name": "openSUSE-SU-2015:1658", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html" + }, + { + "name": "USN-2743-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2743-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4888.json b/2015/4xxx/CVE-2015-4888.json index dcf898f0394..395a8fe3cc3 100644 --- a/2015/4xxx/CVE-2015-4888.json +++ b/2015/4xxx/CVE-2015-4888.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4796." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033883", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, 
integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4796." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033883", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033883" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4960.json b/2015/4xxx/CVE-2015-4960.json index 8a8799f4717..5fa8bcade70 100644 --- a/2015/4xxx/CVE-2015-4960.json +++ b/2015/4xxx/CVE-2015-4960.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971545", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971545", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971545" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9091.json b/2015/9xxx/CVE-2015-9091.json index 3216d599bd2..bdef189758c 100644 --- a/2015/9xxx/CVE-2015-9091.json +++ b/2015/9xxx/CVE-2015-9091.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-9091", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9091", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2248.json b/2018/2xxx/CVE-2018-2248.json index 7dee393fe8d..e2dee82527b 100644 --- a/2018/2xxx/CVE-2018-2248.json +++ b/2018/2xxx/CVE-2018-2248.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2248", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2248", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2277.json b/2018/2xxx/CVE-2018-2277.json index e325d217145..c9591a2f96e 100644 --- a/2018/2xxx/CVE-2018-2277.json +++ b/2018/2xxx/CVE-2018-2277.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2277", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2277", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2283.json b/2018/2xxx/CVE-2018-2283.json index e9f20b57c48..8fdd077958f 100644 --- a/2018/2xxx/CVE-2018-2283.json +++ b/2018/2xxx/CVE-2018-2283.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2283", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2283", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3687.json b/2018/3xxx/CVE-2018-3687.json index 594e5e629d9..7ef9e28cffb 100644 --- a/2018/3xxx/CVE-2018-3687.json +++ b/2018/3xxx/CVE-2018-3687.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Quartus II Programmer and Tools", - "version" : { - "version_data" : [ - { - "version_value" : "15.0" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Quartus II Programmer and Tools", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3825.json b/2018/3xxx/CVE-2018-3825.json index 9c31933efed..cf466cf9261 100644 --- a/2018/3xxx/CVE-2018-3825.json +++ b/2018/3xxx/CVE-2018-3825.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "bressers@elastic.co", - "ID" : "CVE-2018-3825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elastic Cloud Enterprise (ECE)", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-321: Use of Hard-coded Cryptographic Key" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2018-3825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elastic Cloud Enterprise (ECE)", + "version": { + "version_data": [ + { + "version_value": "before 1.1.4" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778", - "refsource" : "CONFIRM", - "url" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778" - }, - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321: Use of Hard-coded Cryptographic Key" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + }, + { + "name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778", + "refsource": "CONFIRM", + "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6164.json b/2018/6xxx/CVE-2018-6164.json index 26dc74d8516..bfb0171c1ce 100644 --- a/2018/6xxx/CVE-2018-6164.json +++ b/2018/6xxx/CVE-2018-6164.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "68.0.3440.75" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "68.0.3440.75" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/848786", - "refsource" : "MISC", - "url" : "https://crbug.com/848786" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4256", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4256" - }, - { - "name" : "GLSA-201808-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-01" - }, - { - "name" : "RHSA-2018:2282", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2282" - }, - { - "name" : "104887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:2282", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2282" + }, + { + "name": "GLSA-201808-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-01" + }, + { + "name": "DSA-4256", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4256" + }, + { + "name": "https://crbug.com/848786", + "refsource": "MISC", + "url": "https://crbug.com/848786" + }, + { + "name": "104887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104887" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6281.json b/2018/6xxx/CVE-2018-6281.json index 3f21cade917..0592a2623d8 100644 --- a/2018/6xxx/CVE-2018-6281.json +++ b/2018/6xxx/CVE-2018-6281.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6367.json b/2018/6xxx/CVE-2018-6367.json index 6d505d9732a..0ddf3fc5ea4 100644 --- a/2018/6xxx/CVE-2018-6367.json +++ b/2018/6xxx/CVE-2018-6367.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43918", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43918/" - }, - { - "name" : "https://packetstormsecurity.com/files/146136/Vastal-I-Tech-Facebook-Clone-2.9.9-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/146136/Vastal-I-Tech-Facebook-Clone-2.9.9-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/146136/Vastal-I-Tech-Facebook-Clone-2.9.9-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/146136/Vastal-I-Tech-Facebook-Clone-2.9.9-SQL-Injection.html" + }, + { + "name": "43918", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43918/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6984.json b/2018/6xxx/CVE-2018-6984.json index 16c783fa4a0..fed14fc2b19 100644 --- a/2018/6xxx/CVE-2018-6984.json +++ b/2018/6xxx/CVE-2018-6984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7025.json b/2018/7xxx/CVE-2018-7025.json index 721eed7413a..5bdb841de97 100644 --- a/2018/7xxx/CVE-2018-7025.json +++ b/2018/7xxx/CVE-2018-7025.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7025", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7025", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7184.json b/2018/7xxx/CVE-2018-7184.json index 130f444a888..7b5f2cbc40e 100644 --- a/2018/7xxx/CVE-2018-7184.json +++ b/2018/7xxx/CVE-2018-7184.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541824/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html" - }, - { - "name" : "http://support.ntp.org/bin/view/Main/NtpBug3453", - "refsource" : "CONFIRM", - "url" : 
"http://support.ntp.org/bin/view/Main/NtpBug3453" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_18_13", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_13" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180626-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180626-0001/" - }, - { - "name" : "FreeBSD-SA-18:02", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" - }, - { - "name" : "GLSA-201805-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-12" - }, - { - "name" : "USN-3707-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3707-1/" - }, - { - "name" : "103192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html" + }, + { + "name": "103192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103192" + }, + { + "name": "GLSA-201805-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-12" + }, + { + "name": "FreeBSD-SA-18:02", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180626-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" + }, + { + "name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" + }, + { + "name": "http://support.ntp.org/bin/view/Main/NtpBug3453", + "refsource": "CONFIRM", + "url": "http://support.ntp.org/bin/view/Main/NtpBug3453" + }, + { + "name": "USN-3707-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3707-1/" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_13", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_13" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7191.json b/2018/7xxx/CVE-2018-7191.json index 758ca33a505..63423aaaea5 100644 --- a/2018/7xxx/CVE-2018-7191.json +++ b/2018/7xxx/CVE-2018-7191.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7191", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7191", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7342.json b/2018/7xxx/CVE-2018-7342.json index 0f7eba12b9d..4c15debaee3 100644 --- a/2018/7xxx/CVE-2018-7342.json +++ b/2018/7xxx/CVE-2018-7342.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7928.json b/2018/7xxx/CVE-2018-7928.json index 1643bc759f7..888b07f636c 100644 --- a/2018/7xxx/CVE-2018-7928.json +++ b/2018/7xxx/CVE-2018-7928.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MyCloud", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before 8.1.2.303" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "FRP bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MyCloud", + "version": { + "version_data": [ + { + "version_value": "The versions before 8.1.2.303" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "FRP bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180930-01-mycloud-en" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5281.json b/2019/5xxx/CVE-2019-5281.json index 2e43203e830..da2f7bbb242 100644 --- a/2019/5xxx/CVE-2019-5281.json +++ b/2019/5xxx/CVE-2019-5281.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5376.json b/2019/5xxx/CVE-2019-5376.json index b89cdbd8776..4a58eda0d06 100644 --- a/2019/5xxx/CVE-2019-5376.json +++ b/2019/5xxx/CVE-2019-5376.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5376", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5376", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5691.json b/2019/5xxx/CVE-2019-5691.json index 4fde07f690c..feeff4352a6 100644 --- a/2019/5xxx/CVE-2019-5691.json +++ b/2019/5xxx/CVE-2019-5691.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5691", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5691", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file