diff --git a/2005/0xxx/CVE-2005-0324.json b/2005/0xxx/CVE-2005-0324.json index 6dbbbd5fe1e..116a1fbbb01 100644 --- a/2005/0xxx/CVE-2005-0324.json +++ b/2005/0xxx/CVE-2005-0324.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050129 XSS in Infinite Mobile Delivery v2.6 Webmail", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110703630922262&w=2" - }, - { - "name" : "http://www.lovebug.org/imd_advisory.txt", - "refsource" : "MISC", - "url" : "http://www.lovebug.org/imd_advisory.txt" - }, - { - "name" : "12399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12399" - }, - { - "name" : "1013044", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013044" - }, - { - "name" : "14075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14075" - }, - { - "name" : "infinite-mobile-delivery-path-disclosure(19154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12399" + }, + { + "name": "14075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14075" + }, + { + "name": "http://www.lovebug.org/imd_advisory.txt", + "refsource": "MISC", + "url": "http://www.lovebug.org/imd_advisory.txt" + }, + { + "name": "20050129 XSS in Infinite Mobile Delivery v2.6 Webmail", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110703630922262&w=2" + }, + { + "name": "1013044", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013044" + }, + { + "name": "infinite-mobile-delivery-path-disclosure(19154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19154" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0643.json b/2005/0xxx/CVE-2005-0643.json index a1204153914..21467590553 100644 --- a/2005/0xxx/CVE-2005-0643.json +++ b/2005/0xxx/CVE-2005-0643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf", - "refsource" : "CONFIRM", - "url" : "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf" - }, - { - "name" : "10243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10243" - }, - { - "name" : "14628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10243" + }, + { + "name": "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf", + "refsource": "CONFIRM", + "url": "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf" + }, + { + "name": "14628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14628" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0904.json b/2005/0xxx/CVE-2005-0904.json index f6bbf04b2c2..2acf1fd9e8a 100644 --- a/2005/0xxx/CVE-2005-0904.json +++ b/2005/0xxx/CVE-2005-0904.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote Desktop in Windows XP SP1 does not verify the \"Force shutdown from a remote system\" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "889323", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/889323" - }, - { - "name" : "1013552", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013552" - }, - { - "name" : "windows-desktop-tsshutdnexe-dos(19819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote Desktop in Windows XP SP1 does not verify the \"Force shutdown from a remote system\" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "windows-desktop-tsshutdnexe-dos(19819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19819" + }, + { + "name": "1013552", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013552" + }, + { + "name": "889323", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/889323" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2273.json b/2005/2xxx/CVE-2005-2273.json index 6cc03b45d33..d1ab597e406 100644 --- a/2005/2xxx/CVE-2005-2273.json +++ b/2005/2xxx/CVE-2005-2273.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the \"Dialog Origin Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/", - "refsource" : "MISC", - "url" : "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/" - }, - { - "name" : "http://secunia.com/secunia_research/2005-8/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-8/" - }, - { - "name" : "15488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the \"Dialog Origin Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2005-8/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-8/" + }, + { + "name": "15488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15488" + }, + { + "name": "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/", + "refsource": "MISC", + "url": "http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2500.json b/2005/2xxx/CVE-2005-2500.json index c6bb2b8785f..03bb6d39098 100644 --- a/2005/2xxx/CVE-2005-2500.json +++ b/2005/2xxx/CVE-2005-2500.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lkml.org/lkml/2005/6/23/19", - "refsource" : "MISC", - "url" : "http://lkml.org/lkml/2005/6/23/19" - }, - { - "name" : "http://lkml.org/lkml/2005/6/23/126", - "refsource" : "CONFIRM", - "url" : "http://lkml.org/lkml/2005/6/23/126" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@42b9c4fdYUuaq0joRUZi8W0Q-2hA1A", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@42b9c4fdYUuaq0joRUZi8W0Q-2hA1A" - }, - { - "name" : "SUSE-SA:2005:044", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_44_kernel.html" - }, - { - "name" : "14470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14470" - }, - { - "name" : "16406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16406" - }, - { - "name" : "kernel-xdrxcodearray-dos(21805)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14470" + }, + { + "name": "http://lkml.org/lkml/2005/6/23/19", + "refsource": "MISC", + "url": "http://lkml.org/lkml/2005/6/23/19" + }, + { + "name": "16406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16406" + }, + { + "name": "http://lkml.org/lkml/2005/6/23/126", + "refsource": "CONFIRM", + "url": "http://lkml.org/lkml/2005/6/23/126" + }, + { + "name": "SUSE-SA:2005:044", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_44_kernel.html" + }, + { + "name": "kernel-xdrxcodearray-dos(21805)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21805" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@42b9c4fdYUuaq0joRUZi8W0Q-2hA1A", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@42b9c4fdYUuaq0joRUZi8W0Q-2hA1A" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2782.json b/2005/2xxx/CVE-2005-2782.json index 19ccf6e26db..2f2f6bbfa89 100644 --- a/2005/2xxx/CVE-2005-2782.json +++ b/2005/2xxx/CVE-2005-2782.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an \"ftp://\" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for \"http\" and \"https\" URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050828 AutoLinks Pro 2.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112535379716486&w=2" - }, - { - "name" : "14686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14686" - }, - { - "name" : "16620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16620/" - }, - { - "name" : "autolinks-alinitialize-file-include(22061)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an \"ftp://\" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for \"http\" and \"https\" URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050828 AutoLinks Pro 2.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112535379716486&w=2" + }, + { + "name": "14686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14686" + }, + { + "name": "16620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16620/" + }, + { + "name": "autolinks-alinitialize-file-include(22061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22061" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3647.json b/2005/3xxx/CVE-2005-3647.json index edc1e63bd63..ff3653756ba 100644 --- a/2005/3xxx/CVE-2005-3647.json +++ b/2005/3xxx/CVE-2005-3647.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051110 Folder Guard exe files protection bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113165092919948&w=2" - }, - { - "name" : "folderguard-temp-security-bypass(23054)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "folderguard-temp-security-bypass(23054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23054" + }, + { + "name": "20051110 Folder Guard exe files protection bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113165092919948&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4524.json b/2005/4xxx/CVE-2005-4524.json index d0053de8901..e7354f449f3 100644 --- a/2005/4xxx/CVE-2005-4524.json +++ b/2005/4xxx/CVE-2005-4524.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963" - }, - { - "name" : "DSA-944", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-944" - }, - { - "name" : "ADV-2005-3064", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3064" - }, - { - "name" : "18481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18481" + }, + { + "name": "ADV-2005-3064", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3064" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963" + }, + { + "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" + }, + { + "name": "DSA-944", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-944" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0535.json b/2009/0xxx/CVE-2009-0535.json index 8140382376f..00f037c4f86 100644 --- a/2009/0xxx/CVE-2009-0535.json +++ b/2009/0xxx/CVE-2009-0535.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8029", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8029", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8029" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2033.json b/2009/2xxx/CVE-2009-2033.json index 7efe2e293a3..8273da8052b 100644 --- a/2009/2xxx/CVE-2009-2033.json +++ b/2009/2xxx/CVE-2009-2033.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8932", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8932" - }, - { - "name" : "35324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35324" - }, - { - "name" : "55097", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8932", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8932" + }, + { + "name": "35324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35324" + }, + { + "name": "55097", + "refsource": "OSVDB", + "url": "http://osvdb.org/55097" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2481.json b/2009/2xxx/CVE-2009-2481.json index c27a89fa025..857160711c8 100644 --- a/2009/2xxx/CVE-2009-2481.json +++ b/2009/2xxx/CVE-2009-2481.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#08369659", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN08369659/index.html" - }, - { - "name" : "JVNDB-2009-000043", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html" - }, - { - "name" : "35471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35471" - }, - { - "name" : "35534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35534" - }, - { - "name" : "ADV-2009-1668", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1668" - }, - { - "name" : "movabletype-mtwizard-security-bypass(51330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#08369659", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN08369659/index.html" + }, + { + "name": "35534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35534" + }, + { + "name": "ADV-2009-1668", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1668" + }, + { + "name": "JVNDB-2009-000043", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html" + }, + { + "name": "35471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35471" + }, + { + "name": "movabletype-mtwizard-security-bypass(51330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51330" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2973.json b/2009/2xxx/CVE-2009-2973.json index 0b1c2c94c0b..fc24adde09f 100644 --- a/2009/2xxx/CVE-2009-2973.json +++ b/2009/2xxx/CVE-2009-2973.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=18725", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=18725" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html" - }, - { - "name" : "36417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36417" - }, - { - "name" : "ADV-2009-2420", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2420" - }, - { - "name" : "google-chrome-algorithm-spoofing(52903)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2420", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2420" + }, + { + "name": "36417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36417" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=18725", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=18725" + }, + { + "name": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html" + }, + { + "name": "google-chrome-algorithm-spoofing(52903)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52903" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3310.json b/2009/3xxx/CVE-2009-3310.json index c3aa0bf6e10..48a5044f1dd 100644 --- a/2009/3xxx/CVE-2009-3310.json +++ b/2009/3xxx/CVE-2009-3310.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9715", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9715" - }, - { - "name" : "36453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36453" - }, - { - "name" : "36798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36798" - }, - { - "name" : "ADV-2009-2701", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2701" - }, - { - "name" : "zainu-albumid-sql-injection(53352)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2701", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2701" + }, + { + "name": "36798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36798" + }, + { + "name": "36453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36453" + }, + { + "name": "9715", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9715" + }, + { + "name": "zainu-albumid-sql-injection(53352)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53352" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3340.json b/2009/3xxx/CVE-2009-3340.json index e75a540f20d..fb73ed33d11 100644 --- a/2009/3xxx/CVE-2009-3340.json +++ b/2009/3xxx/CVE-2009-3340.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "1022811", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022811" - }, - { - "name" : "36506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36506" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + }, + { + "name": "1022811", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022811" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3353.json b/2009/3xxx/CVE-2009-3353.json index f627caf3445..79ce0054d17 100644 --- a/2009/3xxx/CVE-2009-3353.json +++ b/2009/3xxx/CVE-2009-3353.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/572852", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/572852" - }, - { - "name" : "36323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36323" + }, + { + "name": "http://drupal.org/node/572852", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/572852" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3743.json b/2009/3xxx/CVE-2009-3743.json index 145875ac5aa..829b589b385 100644 --- a/2009/3xxx/CVE-2009-3743.json +++ b/2009/3xxx/CVE-2009-3743.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-3743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101125 TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514892/100/0/threaded" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JALR-87YGN8", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/JALR-87YGN8" - }, - { - "name" : "GLSA-201412-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-17.xml" - }, - { - "name" : "RHSA-2012:0095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2012-0095.html" - }, - { - "name" : "VU#644319", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/644319" - }, - { - "name" : "1024785", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:0095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2012-0095.html" + }, + { + "name": "GLSA-201412-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" + }, + { + "name": "1024785", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024785" + }, + { + "name": "20101125 TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514892/100/0/threaded" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JALR-87YGN8", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/JALR-87YGN8" + }, + { + "name": "VU#644319", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/644319" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4184.json b/2009/4xxx/CVE-2009-4184.json index 48d8fa5a191..ac71eb32331 100644 --- a/2009/4xxx/CVE-2009-4184.json +++ b/2009/4xxx/CVE-2009-4184.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2009-4184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02464", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01894850" - }, - { - "name" : "SSRT090210", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01894850" - }, - { - "name" : "38035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38035" - }, - { - "name" : "oval:org.mitre.oval:def:8305", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8305" - }, - { - "name" : "oval:org.mitre.oval:def:12172", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12172" - }, - { - "name" : "1023523", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023523" - }, - { - "name" : "38423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38423" - }, - { - "name" : "ADV-2010-0272", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12172", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12172" + }, + { + "name": "1023523", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023523" + }, + { + "name": "38423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38423" + }, + { + "name": "ADV-2010-0272", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0272" + }, + { + "name": "SSRT090210", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01894850" + }, + { + "name": "oval:org.mitre.oval:def:8305", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8305" + }, + { + "name": "HPSBUX02464", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01894850" + }, + { + "name": "38035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38035" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4423.json b/2009/4xxx/CVE-2009-4423.json index 2732a5830b8..8d567f81c9f 100644 --- a/2009/4xxx/CVE-2009-4423.json +++ b/2009/4xxx/CVE-2009-4423.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/weencompany-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/weencompany-sql.txt" - }, - { - "name" : "10606", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10606" - }, - { - "name" : "61264", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61264" - }, - { - "name" : "37895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37895" - }, - { - "name" : "weencompany-index-sql-injection(54996)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weencompany-index-sql-injection(54996)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54996" + }, + { + "name": "61264", + "refsource": "OSVDB", + "url": "http://osvdb.org/61264" + }, + { + "name": "37895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37895" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/weencompany-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/weencompany-sql.txt" + }, + { + "name": "10606", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10606" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4704.json b/2009/4xxx/CVE-2009-4704.json index be3360fcffb..b968947aaa5 100644 --- a/2009/4xxx/CVE-2009-4704.json +++ b/2009/4xxx/CVE-2009-4704.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4793.json b/2009/4xxx/CVE-2009-4793.json index d32021d3972..4b5381b28f6 100644 --- a/2009/4xxx/CVE-2009-4793.json +++ b/2009/4xxx/CVE-2009-4793.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8309", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8309" - }, - { - "name" : "21992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21992" + }, + { + "name": "8309", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8309" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4866.json b/2009/4xxx/CVE-2009-4866.json index e9a20eb0943..6d4e06d0b53 100644 --- a/2009/4xxx/CVE-2009-4866.json +++ b/2009/4xxx/CVE-2009-4866.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/simplesearch-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/simplesearch-xss.txt" - }, - { - "name" : "56798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56798" - }, - { - "name" : "36178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36178" - }, - { - "name" : "simplesearch-search-xss(52311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0908-exploits/simplesearch-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/simplesearch-xss.txt" + }, + { + "name": "36178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36178" + }, + { + "name": "simplesearch-search-xss(52311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52311" + }, + { + "name": "56798", + "refsource": "OSVDB", + "url": "http://osvdb.org/56798" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2858.json b/2012/2xxx/CVE-2012-2858.json index 53a4cef963f..231f6b3f3d9 100644 --- a/2012/2xxx/CVE-2012-2858.json +++ b/2012/2xxx/CVE-2012-2858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=136894", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=136894" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:15679", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=136894", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=136894" + }, + { + "name": "oval:org.mitre.oval:def:15679", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15679" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0093.json b/2015/0xxx/CVE-2015-0093.json index 3f1a7adfc68..df00d4a121a 100644 --- a/2015/0xxx/CVE-2015-0093.json +++ b/2015/0xxx/CVE-2015-0093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka \"Adobe Font Driver Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021" - }, - { - "name" : "72907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72907" - }, - { - "name" : "1031889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka \"Adobe Font Driver Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021" + }, + { + "name": "1031889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031889" + }, + { + "name": "72907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72907" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0488.json b/2015/0xxx/CVE-2015-0488.json index 99c0ed58b19..8829fe808db 100644 --- a/2015/0xxx/CVE-2015-0488.json +++ b/2015/0xxx/CVE-2015-0488.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0158.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0158.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" - }, - { - "name" : "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "refsource" : "CONFIRM", - "url" : "http://www-304.ibm.com/support/docview.wss?uid=swg21903565" - }, - { - "name" : "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", - "refsource" : "CONFIRM", - "url" : "http://www-304.ibm.com/support/docview.wss?uid=swg21960194" - }, - { - "name" : "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "refsource" : "CONFIRM", - "url" : "http://www-304.ibm.com/support/docview.wss?uid=swg21960769" - }, - { - "name" : "DSA-3234", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3234" - }, - { - "name" : "DSA-3235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3235" - }, - { - "name" : "DSA-3316", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3316" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "MDVSA-2015:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" - }, - { - "name" : "RHSA-2015:0806", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0806.html" - }, - { - "name" : "RHSA-2015:0807", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0807.html" - }, - { - "name" : "RHSA-2015:0808", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0808.html" - }, - { - "name" : "RHSA-2015:0809", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0809.html" - }, - { - "name" : "RHSA-2015:1006", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html" - }, - { - "name" : "RHSA-2015:1007", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html" - }, - { - "name" : "RHSA-2015:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html" - }, - { - "name" : "RHSA-2015:1021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1021.html" - }, - { - "name" : "RHSA-2015:1091", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html" - }, - { - "name" : "RHSA-2015:0854", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html" - }, - { - "name" : "RHSA-2015:0857", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html" - }, - { - "name" : "RHSA-2015:0858", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0858.html" - }, - { - "name" : "openSUSE-SU-2015:0773", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2015:0774", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" - }, - { - "name" : "SUSE-SU-2016:0113", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" - }, - { - "name" : "SUSE-SU-2015:2166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:2168", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:2182", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" - }, - { - "name" : "SUSE-SU-2015:2192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" - }, - { - "name" : "SUSE-SU-2015:2216", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:1085", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1161", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" - }, - { - "name" : "USN-2573-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2573-1" - }, - { - "name" : "USN-2574-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2574-1" - }, - { - "name" : "74111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74111" - }, - { - "name" : "1032120", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0857", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html" + }, + { + "name": "DSA-3235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3235" + }, + { + "name": "RHSA-2015:1007", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html" + }, + { + "name": "SUSE-SU-2015:2182", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" + }, + { + "name": "RHSA-2015:0806", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0806.html" + }, + { + "name": "RHSA-2015:1006", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html" + }, + { + "name": "SUSE-SU-2015:2192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" + }, + { + "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", + "refsource": "CONFIRM", + "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0158.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0158.html" + }, + { + "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", + "refsource": "CONFIRM", + "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21903565" + }, + { + "name": "SUSE-SU-2015:0833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" + }, + { + "name": "MDVSA-2015:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" + }, + { + "name": "RHSA-2015:1091", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html" + }, + { + "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194", + "refsource": "CONFIRM", + "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194" + }, + { + "name": "DSA-3316", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3316" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SUSE-SU-2015:2166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" + }, + { + "name": "1032120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032120" + }, + { + "name": "74111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74111" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" + }, + { + "name": "openSUSE-SU-2015:0773", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" + }, + { + "name": "SUSE-SU-2015:1138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" + }, + { + "name": "DSA-3234", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3234" + }, + { + "name": "USN-2573-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2573-1" + }, + { + "name": "SUSE-SU-2015:2216", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" + }, + { + "name": "RHSA-2015:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html" + }, + { + "name": "RHSA-2015:0807", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0807.html" + }, + { + "name": "SUSE-SU-2015:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" + }, + { + "name": "SUSE-SU-2015:2168", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" + }, + { + "name": "SUSE-SU-2015:1085", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" + }, + { + "name": "RHSA-2015:0858", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0858.html" + }, + { + "name": "RHSA-2015:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html" + }, + { + "name": "RHSA-2015:0808", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0808.html" + }, + { + "name": "USN-2574-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2574-1" + }, + { + "name": "RHSA-2015:0809", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html" + }, + { + "name": "openSUSE-SU-2015:0774", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" + }, + { + "name": "SUSE-SU-2015:1161", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" + }, + { + "name": "RHSA-2015:0854", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html" + }, + { + "name": "SUSE-SU-2016:0113", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0811.json b/2015/0xxx/CVE-2015-0811.json index 43582f5bae6..3138cb4b621 100644 --- a/2015/0xxx/CVE-2015-0811.json +++ b/2015/0xxx/CVE-2015-0811.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-34.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-34.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1132468", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1132468" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132468", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1132468" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-34.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-34.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1234.json b/2015/1xxx/CVE-2015-1234.json index f51e177e9b8..4dab94ba561 100644 --- a/2015/1xxx/CVE-2015-1234.json +++ b/2015/1xxx/CVE-2015-1234.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=468936", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=468936" - }, - { - "name" : "https://codereview.chromium.org/1016193003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1016193003" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0778", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0778.html" - }, - { - "name" : "openSUSE-SU-2015:0682", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html" - }, - { - "name" : "openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "USN-2556-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2556-1" - }, - { - "name" : "73486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73486" - }, - { - "name" : "1032012", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=468936", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=468936" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html" + }, + { + "name": "73486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73486" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "USN-2556-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2556-1" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "openSUSE-SU-2015:0682", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html" + }, + { + "name": "1032012", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032012" + }, + { + "name": "RHSA-2015:0778", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0778.html" + }, + { + "name": "https://codereview.chromium.org/1016193003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1016193003" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1670.json b/2015/1xxx/CVE-2015-1670.json index befc5520d91..2a168d7507d 100644 --- a/2015/1xxx/CVE-2015-1670.json +++ b/2015/1xxx/CVE-2015-1670.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka \"OpenType Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044" - }, - { - "name" : "74485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74485" - }, - { - "name" : "1032281", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka \"OpenType Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044" + }, + { + "name": "74485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74485" + }, + { + "name": "1032281", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032281" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1678.json b/2015/1xxx/CVE-2015-1678.json index e07ff9c0761..bd723a99c63 100644 --- a/2015/1xxx/CVE-2015-1678.json +++ b/2015/1xxx/CVE-2015-1678.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability,\" a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051" - }, - { - "name" : "74495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74495" - }, - { - "name" : "1032294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability,\" a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74495" + }, + { + "name": "MS15-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051" + }, + { + "name": "1032294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032294" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1748.json b/2015/1xxx/CVE-2015-1748.json index 59561c7ac88..b677172bffd 100644 --- a/2015/1xxx/CVE-2015-1748.json +++ b/2015/1xxx/CVE-2015-1748.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-1743." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-251", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-251" - }, - { - "name" : "MS15-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" - }, - { - "name" : "74997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74997" - }, - { - "name" : "1032521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-1743." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-251", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-251" + }, + { + "name": "74997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74997" + }, + { + "name": "1032521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032521" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1981.json b/2015/1xxx/CVE-2015-1981.json index 133b663d49b..e046c161db8 100644 --- a/2015/1xxx/CVE-2015-1981.json +++ b/2015/1xxx/CVE-2015-1981.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jun/56" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959908", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959908" - }, - { - "name" : "74908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74908" - }, - { - "name" : "1032673", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959908" + }, + { + "name": "74908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74908" + }, + { + "name": "20150619 IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jun/56" + }, + { + "name": "1032673", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032673" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4658.json b/2015/4xxx/CVE-2015-4658.json index 9d6a1b3efb4..d895ab48bed 100644 --- a/2015/4xxx/CVE-2015-4658.json +++ b/2015/4xxx/CVE-2015-4658.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37290", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37290/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37290", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37290/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5032.json b/2015/5xxx/CVE-2015-5032.json index ef90009d177..b517d4d7dab 100644 --- a/2015/5xxx/CVE-2015-5032.json +++ b/2015/5xxx/CVE-2015-5032.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5032", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5032", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5196.json b/2015/5xxx/CVE-2015-5196.json index 68ee1fac0ee..660431c3108 100644 --- a/2015/5xxx/CVE-2015-5196.json +++ b/2015/5xxx/CVE-2015-5196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5196", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5196", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5216.json b/2015/5xxx/CVE-2015-5216.json index a3f695382a0..999a28fd3d3 100644 --- a/2015/5xxx/CVE-2015-5216.json +++ b/2015/5xxx/CVE-2015-5216.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5216", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5216", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3210.json b/2018/3xxx/CVE-2018-3210.json index 1a51409e56a..5d8d1079ff8 100644 --- a/2018/3xxx/CVE-2018-3210.json +++ b/2018/3xxx/CVE-2018-3210.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GlassFish Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "3.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GlassFish Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105618" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3520.json b/2018/3xxx/CVE-2018-3520.json index 64a94da6e10..267a82bb139 100644 --- a/2018/3xxx/CVE-2018-3520.json +++ b/2018/3xxx/CVE-2018-3520.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3520", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3520", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3525.json b/2018/3xxx/CVE-2018-3525.json index 41af04b5ead..fea1e8c95f9 100644 --- a/2018/3xxx/CVE-2018-3525.json +++ b/2018/3xxx/CVE-2018-3525.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3525", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3525", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6259.json b/2018/6xxx/CVE-2018-6259.json index 339daac7628..c7622f5ef86 100644 --- a/2018/6xxx/CVE-2018-6259.json +++ b/2018/6xxx/CVE-2018-6259.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-08-30T00:00:00", - "ID" : "CVE-2018-6259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GeForce Experience", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 3.14.1" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-08-30T00:00:00", + "ID": "CVE-2018-6259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GeForce Experience", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 3.14.1" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", - "refsource" : "CONFIRM", - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4685" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6320.json b/2018/6xxx/CVE-2018-6320.json index dbc75863f9b..bfd688f4a10 100644 --- a/2018/6xxx/CVE-2018-6320.json +++ b/2018/6xxx/CVE-2018-6320.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6442.json b/2018/6xxx/CVE-2018-6442.json index d3f8988d4c9..1db1c3da122 100644 --- a/2018/6xxx/CVE-2018-6442.json +++ b/2018/6xxx/CVE-2018-6442.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "ID" : "CVE-2018-6442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade Fabric OS", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code Injection" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "ID": "CVE-2018-6442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-735" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6626.json b/2018/6xxx/CVE-2018-6626.json index 37d0cdb6545..ef492ad6c68 100644 --- a/2018/6xxx/CVE-2018-6626.json +++ b/2018/6xxx/CVE-2018-6626.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000035." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000035", - "refsource" : "MISC", - "url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000035." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000035", + "refsource": "MISC", + "url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000035" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7044.json b/2018/7xxx/CVE-2018-7044.json index fc8694e2d6d..65bed61b342 100644 --- a/2018/7xxx/CVE-2018-7044.json +++ b/2018/7xxx/CVE-2018-7044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7690.json b/2018/7xxx/CVE-2018-7690.json index 70bd2572ff9..e66412c9e14 100644 --- a/2018/7xxx/CVE-2018-7690.json +++ b/2018/7xxx/CVE-2018-7690.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2018-12-12T15:30:00.000Z", - "ID" : "CVE-2018-7690", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortify Software Security Center (SSC)", - "version" : { - "version_data" : [ - { - "version_value" : "17.10, 17.20, 18.10" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access" - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Remote Unauthorized Access" - } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Unauthorized Access" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-12-12T15:30:00.000Z", + "ID": "CVE-2018-7690", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortify Software Security Center (SSC)", + "version": { + "version_data": [ + { + "version_value": "17.10, 17.20, 18.10" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45989", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45989/" - }, - { - "name" : "https://softwaresupport.softwaregrp.com/doc/KM03298201", - "refsource" : "MISC", - "url" : "https://softwaresupport.softwaregrp.com/doc/KM03298201" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access" + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Remote Unauthorized Access" + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Unauthorized Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45989", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45989/" + }, + { + "name": "https://softwaresupport.softwaregrp.com/doc/KM03298201", + "refsource": "MISC", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03298201" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8634.json b/2018/8xxx/CVE-2018-8634.json index c1b716623b5..914a3306d40 100644 --- a/2018/8xxx/CVE-2018-8634.json +++ b/2018/8xxx/CVE-2018-8634.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka \"Microsoft Text-To-Speech Remote Code Execution Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634" - }, - { - "name" : "106078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka \"Microsoft Text-To-Speech Remote Code Execution Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106078" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8634" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8872.json b/2018/8xxx/CVE-2018-8872.json index 4dccb29a9e0..6cccbc42f28 100644 --- a/2018/8xxx/CVE-2018-8872.json +++ b/2018/8xxx/CVE-2018-8872.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-04-17T00:00:00", - "ID" : "CVE-2018-8872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Triconex Tricon", - "version" : { - "version_data" : [ - { - "version_value" : "MP model 3008 firmware versions 10.0-10.4" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-04-17T00:00:00", + "ID": "CVE-2018-8872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Triconex Tricon", + "version": { + "version_data": [ + { + "version_value": "MP model 3008 firmware versions 10.0-10.4" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/" - }, - { - "name" : "103947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction Of Operations Within The Bounds Of A Memory Buffer CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02" + }, + { + "name": "103947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103947" + } + ] + } +} \ No newline at end of file