diff --git a/2005/0xxx/CVE-2005-0831.json b/2005/0xxx/CVE-2005-0831.json index 48a8e8fcd8c..c3866c757a3 100644 --- a/2005/0xxx/CVE-2005-0831.json +++ b/2005/0xxx/CVE-2005-0831.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050318 PHP-Post Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/393695" - }, - { - "name" : "12845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050318 PHP-Post Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/393695" + }, + { + "name": "12845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12845" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2394.json b/2005/2xxx/CVE-2005-2394.json index 35ca48ca490..86d6ff1d118 100644 --- a/2005/2xxx/CVE-2005-2394.json +++ b/2005/2xxx/CVE-2005-2394.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014514", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014514" - }, - { - "name" : "16129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16129" + }, + { + "name": "1014514", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014514" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2423.json b/2005/2xxx/CVE-2005-2423.json index 687b4bbb4b5..18d8b031803 100644 --- a/2005/2xxx/CVE-2005-2423.json +++ b/2005/2xxx/CVE-2005-2423.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050725 Beehive Forum Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112230744103930&w=2" - }, - { - "name" : "16217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16217" - }, - { - "name" : "beehive-path-disclosure(21536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050725 Beehive Forum Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112230744103930&w=2" + }, + { + "name": "16217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16217" + }, + { + "name": "beehive-path-disclosure(21536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21536" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2468.json b/2005/2xxx/CVE-2005-2468.json index f1d0eb52be0..d13cd5887f3 100644 --- a/2005/2xxx/CVE-2005-2468.json +++ b/2005/2xxx/CVE-2005-2468.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050731 MySQL Eventum Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112292193807958&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00093-07312005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00093-07312005" - }, - { - "name" : "http://lists.mysql.com/eventum-users/2072", - "refsource" : "CONFIRM", - "url" : "http://lists.mysql.com/eventum-users/2072" - }, - { - "name" : "14437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14437" - }, - { - "name" : "ADV-2005-1287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1287" - }, - { - "name" : "18403", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18403" - }, - { - "name" : "18404", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18404" - }, - { - "name" : "18405", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18405" - }, - { - "name" : "18406", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18406" - }, - { - "name" : "1014603", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014603" - }, - { - "name" : "16304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18404", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18404" + }, + { + "name": "ADV-2005-1287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1287" + }, + { + "name": "16304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16304" + }, + { + "name": "18403", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18403" + }, + { + "name": "18405", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18405" + }, + { + "name": "1014603", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014603" + }, + { + "name": "http://lists.mysql.com/eventum-users/2072", + "refsource": "CONFIRM", + "url": "http://lists.mysql.com/eventum-users/2072" + }, + { + "name": "20050731 MySQL Eventum Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112292193807958&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00093-07312005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00093-07312005" + }, + { + "name": "14437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14437" + }, + { + "name": "18406", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18406" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3468.json b/2005/3xxx/CVE-2005-3468.json index d06cb6119d1..9f33e65b95a 100644 --- a/2005/3xxx/CVE-2005-3468.json +++ b/2005/3xxx/CVE-2005-3468.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/security/fsc-2005-2.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2005-2.shtml" - }, - { - "name" : "15284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15284" - }, - { - "name" : "ADV-2005-2277", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2277" - }, - { - "name" : "1015142", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015142" - }, - { - "name" : "1015143", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015143" - }, - { - "name" : "17361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015143", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015143" + }, + { + "name": "1015142", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015142" + }, + { + "name": "15284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15284" + }, + { + "name": "17361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17361" + }, + { + "name": "http://www.f-secure.com/security/fsc-2005-2.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2005-2.shtml" + }, + { + "name": "ADV-2005-2277", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2277" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3544.json b/2005/3xxx/CVE-2005-3544.json index 493a082c719..88f8bdd752a 100644 --- a/2005/3xxx/CVE-2005-3544.json +++ b/2005/3xxx/CVE-2005-3544.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 Xss - Html injection in XMB", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415800/30/0/threaded" - }, - { - "name" : "15342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15342" - }, - { - "name" : "ADV-2005-2333", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2333" - }, - { - "name" : "17458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17458" - }, - { - "name" : "xmb-u2u-xss(22990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xmb-u2u-xss(22990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22990" + }, + { + "name": "15342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15342" + }, + { + "name": "ADV-2005-2333", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2333" + }, + { + "name": "20051104 Xss - Html injection in XMB", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415800/30/0/threaded" + }, + { + "name": "17458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17458" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3772.json b/2005/3xxx/CVE-2005-3772.json index 288e14e19e0..e9ec1ad8b55 100644 --- a/2005/3xxx/CVE-2005-3772.json +++ b/2005/3xxx/CVE-2005-3772.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/499/66/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/499/66/" - }, - { - "name" : "15526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15526" - }, - { - "name" : "ADV-2005-2526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2526" - }, - { - "name" : "21042", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21042" - }, - { - "name" : "21043", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21043" - }, - { - "name" : "17675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17675" - }, - { - "name" : "joomla-modpoll-sql-injection(23177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23177" - }, - { - "name" : "joomla-mosdbtable-sql-injection(23178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2526" + }, + { + "name": "joomla-mosdbtable-sql-injection(23178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23178" + }, + { + "name": "15526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15526" + }, + { + "name": "http://www.joomla.org/content/view/499/66/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/499/66/" + }, + { + "name": "21042", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21042" + }, + { + "name": "joomla-modpoll-sql-injection(23177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23177" + }, + { + "name": "21043", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21043" + }, + { + "name": "17675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17675" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3793.json b/2005/3xxx/CVE-2005-3793.json index 7b3e4f9057f..f4529c35333 100644 --- a/2005/3xxx/CVE-2005-3793.json +++ b/2005/3xxx/CVE-2005-3793.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051115 Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113209435819541&w=2" - }, - { - "name" : "http://myblog.it-security23.net/?postid=5", - "refsource" : "MISC", - "url" : "http://myblog.it-security23.net/?postid=5" - }, - { - "name" : "ADV-2005-2455", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2455" - }, - { - "name" : "20893", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20893" - }, - { - "name" : "20889", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20889" - }, - { - "name" : "17605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17605/" - }, - { - "name" : "affiliate-network-login-sql-injection(23073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://myblog.it-security23.net/?postid=5", + "refsource": "MISC", + "url": "http://myblog.it-security23.net/?postid=5" + }, + { + "name": "20893", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20893" + }, + { + "name": "affiliate-network-login-sql-injection(23073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23073" + }, + { + "name": "ADV-2005-2455", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2455" + }, + { + "name": "20051115 Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113209435819541&w=2" + }, + { + "name": "20889", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20889" + }, + { + "name": "17605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17605/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3874.json b/2005/3xxx/CVE-2005-3874.json index ba3190f2c37..c7d4074db76 100644 --- a/2005/3xxx/CVE-2005-3874.json +++ b/2005/3xxx/CVE-2005-3874.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/netzbrett-151-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/netzbrett-151-sql-inj-vuln.html" - }, - { - "name" : "15593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15593" - }, - { - "name" : "ADV-2005-2611", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2611" - }, - { - "name" : "21139", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21139" - }, - { - "name" : "17742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17742" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/netzbrett-151-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/netzbrett-151-sql-inj-vuln.html" + }, + { + "name": "ADV-2005-2611", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2611" + }, + { + "name": "15593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15593" + }, + { + "name": "21139", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21139" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4059.json b/2005/4xxx/CVE-2005-4059.json index ab11fa0353a..2ee8b521458 100644 --- a/2005/4xxx/CVE-2005-4059.json +++ b/2005/4xxx/CVE-2005-4059.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html" - }, - { - "name" : "http://locazo.net:81/applications/", - "refsource" : "CONFIRM", - "url" : "http://locazo.net:81/applications/" - }, - { - "name" : "15812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15812" - }, - { - "name" : "ADV-2005-2756", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2756" - }, - { - "name" : "21531", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21531", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21531" + }, + { + "name": "ADV-2005-2756", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2756" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html" + }, + { + "name": "15812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15812" + }, + { + "name": "http://locazo.net:81/applications/", + "refsource": "CONFIRM", + "url": "http://locazo.net:81/applications/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4341.json b/2005/4xxx/CVE-2005-4341.json index 9d3fc9aa23f..9be879e1240 100644 --- a/2005/4xxx/CVE-2005-4341.json +++ b/2005/4xxx/CVE-2005-4341.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipomonis.com/advisories/Bb_6.zip", - "refsource" : "MISC", - "url" : "http://www.ipomonis.com/advisories/Bb_6.zip" - }, - { - "name" : "21619", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ipomonis.com/advisories/Bb_6.zip", + "refsource": "MISC", + "url": "http://www.ipomonis.com/advisories/Bb_6.zip" + }, + { + "name": "21619", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21619" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4384.json b/2005/4xxx/CVE-2005-4384.json index 5793ea09a1a..1ee88ba707a 100644 --- a/2005/4xxx/CVE-2005-4384.json +++ b/2005/4xxx/CVE-2005-4384.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html" - }, - { - "name" : "21857", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21857" - }, - { - "name" : "21858", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21858" - }, - { - "name" : "18145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18145" - }, - { - "name" : "communityenterprise-path-disclosure(23822)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18145" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html" + }, + { + "name": "communityenterprise-path-disclosure(23822)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23822" + }, + { + "name": "21857", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21857" + }, + { + "name": "21858", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21858" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4752.json b/2005/4xxx/CVE-2005-4752.json index 61378be4a68..f90d52657e7 100644 --- a/2005/4xxx/CVE-2005-4752.json +++ b/2005/4xxx/CVE-2005-4752.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-88.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/142" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + }, + { + "name": "BEA05-88.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/142" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0379.json b/2009/0xxx/CVE-2009-0379.json index be45fac2862..dc3c2ef887f 100644 --- a/2009/0xxx/CVE-2009-0379.json +++ b/2009/0xxx/CVE-2009-0379.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7846", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7846" - }, - { - "name" : "33394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33394" - }, - { - "name" : "joomla-pcchess-gameid-sql-injection(48144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7846", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7846" + }, + { + "name": "33394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33394" + }, + { + "name": "joomla-pcchess-gameid-sql-injection(48144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48144" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2178.json b/2009/2xxx/CVE-2009-2178.json index a9a93f26936..0bbba6701e3 100644 --- a/2009/2xxx/CVE-2009-2178.json +++ b/2009/2xxx/CVE-2009-2178.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8990" - }, - { - "name" : "55316", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55316", + "refsource": "OSVDB", + "url": "http://osvdb.org/55316" + }, + { + "name": "8990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8990" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2239.json b/2009/2xxx/CVE-2009-2239.json index 036e3516309..f658e428de3 100644 --- a/2009/2xxx/CVE-2009-2239.json +++ b/2009/2xxx/CVE-2009-2239.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8743", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8743" - }, - { - "name" : "35041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35041" - }, - { - "name" : "casino-index-sql-injection(50645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "casino-index-sql-injection(50645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50645" + }, + { + "name": "35041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35041" + }, + { + "name": "8743", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8743" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2362.json b/2009/2xxx/CVE-2009-2362.json index 9b975c92303..1c43ee8cfd5 100644 --- a/2009/2xxx/CVE-2009-2362.json +++ b/2009/2xxx/CVE-2009-2362.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/audioplus-overflow.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/audioplus-overflow.txt" - }, - { - "name" : "9064", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9064" - }, - { - "name" : "55528", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55528" - }, - { - "name" : "35673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35673" - }, - { - "name" : "ADV-2009-1764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1764" - }, - { - "name" : "audioplus-lst-m3u-bo(51484)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9064", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9064" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/audioplus-overflow.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/audioplus-overflow.txt" + }, + { + "name": "55528", + "refsource": "OSVDB", + "url": "http://osvdb.org/55528" + }, + { + "name": "audioplus-lst-m3u-bo(51484)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51484" + }, + { + "name": "35673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35673" + }, + { + "name": "ADV-2009-1764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1764" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2424.json b/2009/2xxx/CVE-2009-2424.json index ae456e8ba99..80997da7849 100644 --- a/2009/2xxx/CVE-2009-2424.json +++ b/2009/2xxx/CVE-2009-2424.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0907-exploits/ebayclone2009-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0907-exploits/ebayclone2009-sqlxss.txt" - }, - { - "name" : "35713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35713" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0907-exploits/ebayclone2009-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0907-exploits/ebayclone2009-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2675.json b/2009/2xxx/CVE-2009-2675.json index a5f02224255..866d864306b 100644 --- a/2009/2xxx/CVE-2009-2675.json +++ b/2009/2xxx/CVE-2009-2675.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090804 Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=814" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-049/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-049/" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "APPLE-SA-2009-09-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" - }, - { - "name" : "FEDORA-2009-8329", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" - }, - { - "name" : "FEDORA-2009-8337", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBUX02476", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2" - }, - { - "name" : "SSRT090250", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2" - }, - { - "name" : "MDVSA-2009:209", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" - }, - { - "name" : "RHSA-2009:1199", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1199.html" - }, - { - "name" : "RHSA-2009:1200", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1200.html" - }, - { - "name" : "RHSA-2009:1201", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1201.html" - }, - { - "name" : "263488", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1" - }, - { - "name" : "SUSE-SA:2009:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:053", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "oval:org.mitre.oval:def:10840", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10840" - }, - { - "name" : "oval:org.mitre.oval:def:8415", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8415" - }, - { - "name" : "36162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36162" - }, - { - "name" : "36176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36176" - }, - { - "name" : "36180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36180" - }, - { - "name" : "36199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36199" - }, - { - "name" : "36248", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36248" - }, - { - "name" : "37300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37300" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-2543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2543" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "jre-pak200-bo(52307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090804 Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=814" + }, + { + "name": "263488", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1" + }, + { + "name": "oval:org.mitre.oval:def:10840", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10840" + }, + { + "name": "RHSA-2009:1200", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html" + }, + { + "name": "RHSA-2009:1199", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html" + }, + { + "name": "36162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36162" + }, + { + "name": "ADV-2009-2543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2543" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02476", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2" + }, + { + "name": "jre-pak200-bo(52307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52307" + }, + { + "name": "36199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36199" + }, + { + "name": "36248", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36248" + }, + { + "name": "MDVSA-2009:209", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209" + }, + { + "name": "FEDORA-2009-8329", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html" + }, + { + "name": "SSRT090250", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "36180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36180" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1" + }, + { + "name": "oval:org.mitre.oval:def:8415", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8415" + }, + { + "name": "36176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36176" + }, + { + "name": "FEDORA-2009-8337", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "37300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37300" + }, + { + "name": "APPLE-SA-2009-09-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html" + }, + { + "name": "SUSE-SA:2009:053", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html" + }, + { + "name": "RHSA-2009:1201", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html" + }, + { + "name": "SUSE-SA:2009:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-049/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-049/" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2780.json b/2009/2xxx/CVE-2009-2780.json index d297d75b3fd..ed24fdf69b7 100644 --- a/2009/2xxx/CVE-2009-2780.json +++ b/2009/2xxx/CVE-2009-2780.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt" - }, - { - "name" : "56564", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56564" - }, - { - "name" : "56565", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56565" - }, - { - "name" : "56566", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56566" - }, - { - "name" : "56567", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56567" - }, - { - "name" : "56568", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56568" - }, - { - "name" : "56569", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56569" - }, - { - "name" : "36034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36034" - }, - { - "name" : "68classifieds-multiple-xss(52071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56565", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56565" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt" + }, + { + "name": "56568", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56568" + }, + { + "name": "56564", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56564" + }, + { + "name": "68classifieds-multiple-xss(52071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52071" + }, + { + "name": "56566", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56566" + }, + { + "name": "56569", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56569" + }, + { + "name": "36034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36034" + }, + { + "name": "56567", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56567" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3426.json b/2009/3xxx/CVE-2009-3426.json index 4748464934c..73b8cff777b 100644 --- a/2009/3xxx/CVE-2009-3426.json +++ b/2009/3xxx/CVE-2009-3426.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9350", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9350" - }, - { - "name" : "36105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36105" - }, - { - "name" : "ADV-2009-2136", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9350", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9350" + }, + { + "name": "36105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36105" + }, + { + "name": "ADV-2009-2136", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2136" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3648.json b/2009/3xxx/CVE-2009-3648.json index 4c581584925..97bbaa8ff31 100644 --- a/2009/3xxx/CVE-2009-3648.json +++ b/2009/3xxx/CVE-2009-3648.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.madirish.net/?article=251", - "refsource" : "MISC", - "url" : "http://www.madirish.net/?article=251" - }, - { - "name" : "36584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36584" - }, - { - "name" : "servicelinks-content-type-xss(53633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "servicelinks-content-type-xss(53633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53633" + }, + { + "name": "36584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36584" + }, + { + "name": "http://www.madirish.net/?article=251", + "refsource": "MISC", + "url": "http://www.madirish.net/?article=251" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3917.json b/2009/3xxx/CVE-2009-3917.json index 0247c70cac7..2ec14d02445 100644 --- a/2009/3xxx/CVE-2009-3917.json +++ b/2009/3xxx/CVE-2009-3917.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/623508", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/623508" - }, - { - "name" : "36923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36923" - }, - { - "name" : "59678", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59678" - }, - { - "name" : "37285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37285" - }, - { - "name" : "s5pp-htmlhead-xss(54147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36923" + }, + { + "name": "http://drupal.org/node/623508", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/623508" + }, + { + "name": "37285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37285" + }, + { + "name": "s5pp-htmlhead-xss(54147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54147" + }, + { + "name": "59678", + "refsource": "OSVDB", + "url": "http://osvdb.org/59678" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3989.json b/2009/3xxx/CVE-2009-3989.json index 36b23d6f5a8..39c656f8935 100644 --- a/2009/3xxx/CVE-2009-3989.json +++ b/2009/3xxx/CVE-2009-3989.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100201 Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509282/100/0/threaded" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=314871", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=314871" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=434801", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=434801" - }, - { - "name" : "38025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38025" - }, - { - "name" : "38443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38443" - }, - { - "name" : "ADV-2010-0261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0261" - }, - { - "name" : "bugzilla-files-info-disclosure(56003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=314871", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=314871" + }, + { + "name": "bugzilla-files-info-disclosure(56003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56003" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=434801", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=434801" + }, + { + "name": "ADV-2010-0261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0261" + }, + { + "name": "38025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38025" + }, + { + "name": "20100201 Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509282/100/0/threaded" + }, + { + "name": "38443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38443" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4251.json b/2009/4xxx/CVE-2009-4251.json index c9794d159ac..5d795f0352a 100644 --- a/2009/4xxx/CVE-2009-4251.json +++ b/2009/4xxx/CVE-2009-4251.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.freeforums.org/post8780.html", - "refsource" : "MISC", - "url" : "http://aluigi.freeforums.org/post8780.html" - }, - { - "name" : "http://www.packetstormsecurity.org/0912-exploits/jasc-overflow.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0912-exploits/jasc-overflow.txt" - }, - { - "name" : "37204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37204" - }, - { - "name" : "60592", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60592" - }, - { - "name" : "37591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37591" - }, - { - "name" : "ADV-2009-3418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3418" - }, - { - "name" : "paintshoppro-png-bo(54551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37204" + }, + { + "name": "60592", + "refsource": "OSVDB", + "url": "http://osvdb.org/60592" + }, + { + "name": "paintshoppro-png-bo(54551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54551" + }, + { + "name": "37591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37591" + }, + { + "name": "ADV-2009-3418", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3418" + }, + { + "name": "http://aluigi.freeforums.org/post8780.html", + "refsource": "MISC", + "url": "http://aluigi.freeforums.org/post8780.html" + }, + { + "name": "http://www.packetstormsecurity.org/0912-exploits/jasc-overflow.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0912-exploits/jasc-overflow.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0063.json b/2015/0xxx/CVE-2015-0063.json index f8708ac7fbb..9f88dd71be4 100644 --- a/2015/0xxx/CVE-2015-0063.json +++ b/2015/0xxx/CVE-2015-0063.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012" - }, - { - "name" : "72460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72460" - }, - { - "name" : "1031720", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031720" - }, - { - "name" : "62808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62808" - }, - { - "name" : "ms-excel-cve20150063-code-exec(100439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Excel Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62808" + }, + { + "name": "MS15-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-012" + }, + { + "name": "ms-excel-cve20150063-code-exec(100439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100439" + }, + { + "name": "1031720", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031720" + }, + { + "name": "72460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72460" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0095.json b/2015/0xxx/CVE-2015-0095.json index de7c535b0e1..ff2b206d61e 100644 --- a/2015/0xxx/CVE-2015-0095.json +++ b/2015/0xxx/CVE-2015-0095.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023" - }, - { - "name" : "72936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72936" - }, - { - "name" : "1031897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031897" + }, + { + "name": "MS15-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023" + }, + { + "name": "72936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72936" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0183.json b/2015/0xxx/CVE-2015-0183.json index e53667ec581..12fc44fa2ab 100644 --- a/2015/0xxx/CVE-2015-0183.json +++ b/2015/0xxx/CVE-2015-0183.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0183", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0183", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0710.json b/2015/0xxx/CVE-2015-0710.json index 9fb3ce8c7c2..38de13f72e0 100644 --- a/2015/0xxx/CVE-2015-0710.json +++ b/2015/0xxx/CVE-2015-0710.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150428 Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38549" - }, - { - "name" : "1032212", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150428 Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38549" + }, + { + "name": "1032212", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032212" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1048.json b/2015/1xxx/CVE-2015-1048.json index da7fbb046a4..12b9c5b1ab3 100644 --- a/2015/1xxx/CVE-2015-1048.json +++ b/2015/1xxx/CVE-2015-1048.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-597212.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1130.json b/2015/1xxx/CVE-2015-1130.json index 50cb7d50df9..79bcbcf702b 100644 --- a/2015/1xxx/CVE-2015-1130.json +++ b/2015/1xxx/CVE-2015-1130.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36692", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36692/" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "120418", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/120418" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "120418", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/120418" + }, + { + "name": "36692", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36692/" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1362.json b/2015/1xxx/CVE-2015-1362.json index 0dcf5117af5..76864d46629 100644 --- a/2015/1xxx/CVE-2015-1362.json +++ b/2015/1xxx/CVE-2015-1362.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35870", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35870" - }, - { - "name" : "http://packetstormsecurity.com/files/130037/Exif-Pilot-4.7.2-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130037/Exif-Pilot-4.7.2-Buffer-Overflow.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130037/Exif-Pilot-4.7.2-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130037/Exif-Pilot-4.7.2-Buffer-Overflow.html" + }, + { + "name": "35870", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35870" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1369.json b/2015/1xxx/CVE-2015-1369.json index f630ab5cd6a..eac56ade283 100644 --- a/2015/1xxx/CVE-2015-1369.json +++ b/2015/1xxx/CVE-2015-1369.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150122 CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/23/2" - }, - { - "name" : "https://nodesecurity.io/advisories/sequelize-sql-injection-order", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/sequelize-sql-injection-order" - }, - { - "name" : "https://github.com/sequelize/sequelize/pull/2919", - "refsource" : "CONFIRM", - "url" : "https://github.com/sequelize/sequelize/pull/2919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sequelize/sequelize/pull/2919", + "refsource": "CONFIRM", + "url": "https://github.com/sequelize/sequelize/pull/2919" + }, + { + "name": "https://nodesecurity.io/advisories/sequelize-sql-injection-order", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/sequelize-sql-injection-order" + }, + { + "name": "[oss-security] 20150122 CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/23/2" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4195.json b/2015/4xxx/CVE-2015-4195.json index baec4a0600e..f51257c79c3 100644 --- a/2015/4xxx/CVE-2015-4195.json +++ b/2015/4xxx/CVE-2015-4195.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150618 Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39402" - }, - { - "name" : "75295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75295" - }, - { - "name" : "1032661", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75295" + }, + { + "name": "20150618 Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39402" + }, + { + "name": "1032661", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032661" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4474.json b/2015/4xxx/CVE-2015-4474.json index d872e5bafbd..0b17dc26a77 100644 --- a/2015/4xxx/CVE-2015-4474.json +++ b/2015/4xxx/CVE-2015-4474.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-4474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-79.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-79.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1143130", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1143130" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1161719", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1161719" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1177501", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1177501" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1181204", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1181204" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1184068", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1184068" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1188590", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1188590" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "openSUSE-SU-2015:1389", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" - }, - { - "name" : "openSUSE-SU-2015:1390", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:2081", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:1449", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" - }, - { - "name" : "SUSE-SU-2015:1528", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" - }, - { - "name" : "USN-2702-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-1" - }, - { - "name" : "USN-2702-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-2" - }, - { - "name" : "USN-2702-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2702-3" - }, - { - "name" : "1033372", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033372" - }, - { - "name" : "1033247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:2081", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-79.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-79.html" + }, + { + "name": "USN-2702-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-3" + }, + { + "name": "openSUSE-SU-2015:1389", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1143130", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1143130" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188590", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1188590" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1161719", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1161719" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:1528", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html" + }, + { + "name": "1033247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033247" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1177501", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1177501" + }, + { + "name": "USN-2702-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-2" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184068", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1184068" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1181204", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1181204" + }, + { + "name": "USN-2702-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2702-1" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "1033372", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033372" + }, + { + "name": "SUSE-SU-2015:1449", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" + }, + { + "name": "openSUSE-SU-2015:1390", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4901.json b/2015/4xxx/CVE-2015-4901.json index 4ef505d4b87..5248338b090 100644 --- a/2015/4xxx/CVE-2015-4901.json +++ b/2015/4xxx/CVE-2015-4901.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "GLSA-201603-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-11" - }, - { - "name" : "RHSA-2015:1926", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1926.html" - }, - { - "name" : "openSUSE-SU-2016:0270", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" - }, - { - "name" : "openSUSE-SU-2015:1905", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" - }, - { - "name" : "77226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77226" - }, - { - "name" : "1033884", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1905", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" + }, + { + "name": "77226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77226" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "1033884", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033884" + }, + { + "name": "openSUSE-SU-2016:0270", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" + }, + { + "name": "GLSA-201603-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-11" + }, + { + "name": "RHSA-2015:1926", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1926.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5159.json b/2015/5xxx/CVE-2015-5159.json index 84082e75328..bed056b54b8 100644 --- a/2015/5xxx/CVE-2015-5159.json +++ b/2015/5xxx/CVE-2015-5159.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245200", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245200" - }, - { - "name" : "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882", - "refsource" : "CONFIRM", - "url" : "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1245200", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245200" + }, + { + "name": "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882", + "refsource": "CONFIRM", + "url": "https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5629.json b/2015/5xxx/CVE-2015-5629.json index 79933f28c7c..2011f56ff59 100644 --- a/2015/5xxx/CVE-2015-5629.json +++ b/2015/5xxx/CVE-2015-5629.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8", - "refsource" : "MISC", - "url" : "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8" - }, - { - "name" : "https://play.google.com/store/apps/details?id=com.nttbp.jfw", - "refsource" : "MISC", - "url" : "https://play.google.com/store/apps/details?id=com.nttbp.jfw" - }, - { - "name" : "JVN#04644117", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN04644117/index.html" - }, - { - "name" : "JVNDB-2015-000115", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#04644117", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN04644117/index.html" + }, + { + "name": "JVNDB-2015-000115", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000115" + }, + { + "name": "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8", + "refsource": "MISC", + "url": "https://itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196?mt=8" + }, + { + "name": "https://play.google.com/store/apps/details?id=com.nttbp.jfw", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=com.nttbp.jfw" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5897.json b/2015/5xxx/CVE-2015-5897.json index 0e7d1c70344..f63f27e0c2b 100644 --- a/2015/5xxx/CVE-2015-5897.json +++ b/2015/5xxx/CVE-2015-5897.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5990.json b/2015/5xxx/CVE-2015-5990.json index 7f2dfd16b23..b5b0f692195 100644 --- a/2015/5xxx/CVE-2015-5990.json +++ b/2015/5xxx/CVE-2015-5990.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-5990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#201168", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/201168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#201168", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/201168" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3090.json b/2018/3xxx/CVE-2018-3090.json index e18950320cf..232e644e960 100644 --- a/2018/3xxx/CVE-2018-3090.json +++ b/2018/3xxx/CVE-2018-3090.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.2.16" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.2.16" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104764" - }, - { - "name" : "1041296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104764" + }, + { + "name": "1041296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041296" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3915.json b/2018/3xxx/CVE-2018-3915.json index f1f93a965a4..e013352e1fb 100644 --- a/2018/3xxx/CVE-2018-3915.json +++ b/2018/3xxx/CVE-2018-3915.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartThings Hub STH-ETH-250", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long \"bucket\" value in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartThings Hub STH-ETH-250", + "version": { + "version_data": [ + { + "version_value": "Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long \"bucket\" value in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6970.json b/2018/6xxx/CVE-2018-6970.json index 72fff1978ee..75e19706a8a 100644 --- a/2018/6xxx/CVE-2018-6970.json +++ b/2018/6xxx/CVE-2018-6970.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2018-08-07T00:00:00", - "ID" : "CVE-2018-6970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VMware Horizon 6, Horizon 7, and Horizon Client", - "version" : { - "version_data" : [ - { - "version_value" : "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1)" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2018-08-07T00:00:00", + "ID": "CVE-2018-6970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware Horizon 6, Horizon 7, and Horizon Client", + "version": { + "version_data": [ + { + "version_value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1)" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2018-0019.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2018-0019.html" - }, - { - "name" : "105031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105031" - }, - { - "name" : "1041430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041430" + }, + { + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html" + }, + { + "name": "105031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105031" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7469.json b/2018/7xxx/CVE-2018-7469.json index 951dbbaee83..42d25d4a714 100644 --- a/2018/7xxx/CVE-2018-7469.json +++ b/2018/7xxx/CVE-2018-7469.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://neetech18.blogspot.in/2018/02/stored-xss-vulnerability-in-php-scripts.html", - "refsource" : "MISC", - "url" : "https://neetech18.blogspot.in/2018/02/stored-xss-vulnerability-in-php-scripts.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://neetech18.blogspot.in/2018/02/stored-xss-vulnerability-in-php-scripts.html", + "refsource": "MISC", + "url": "https://neetech18.blogspot.in/2018/02/stored-xss-vulnerability-in-php-scripts.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7503.json b/2018/7xxx/CVE-2018-7503.json index 602bfaa0d64..3a6fede2ad8 100644 --- a/2018/7xxx/CVE-2018-7503.json +++ b/2018/7xxx/CVE-2018-7503.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-15T00:00:00", - "ID" : "CVE-2018-7503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "PATH TRAVERSAL CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-15T00:00:00", + "ID": "CVE-2018-7503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebAccess", + "version": { + "version_data": [ + { + "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." + } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" - }, - { - "name" : "104190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PATH TRAVERSAL CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104190" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7864.json b/2018/7xxx/CVE-2018-7864.json index c7e95ad5bcd..dadea3ccd7c 100644 --- a/2018/7xxx/CVE-2018-7864.json +++ b/2018/7xxx/CVE-2018-7864.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7864", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7864", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7944.json b/2018/7xxx/CVE-2018-7944.json index fc882861698..ec5cfbd8544 100644 --- a/2018/7xxx/CVE-2018-7944.json +++ b/2018/7xxx/CVE-2018-7944.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emily-AL00A", - "version" : { - "version_data" : [ - { - "version_value" : "8.1.0.106(SP2C00) and 8.1.0.107(SP5C00)" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Factory Reset Protection (FRP) bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emily-AL00A", + "version": { + "version_data": [ + { + "version_value": "8.1.0.106(SP2C00) and 8.1.0.107(SP5C00)" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Factory Reset Protection (FRP) bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180622-01-bypass-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8218.json b/2018/8xxx/CVE-2018-8218.json index 9d22be1e75c..15544483af9 100644 --- a/2018/8xxx/CVE-2018-8218.json +++ b/2018/8xxx/CVE-2018-8218.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1709 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1709 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8218", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8218" - }, - { - "name" : "104402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104402" - }, - { - "name" : "1041110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041110" + }, + { + "name": "104402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104402" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8218", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8218" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8395.json b/2018/8xxx/CVE-2018-8395.json index bd65c6586ba..2556b8ae3e1 100644 --- a/2018/8xxx/CVE-2018-8395.json +++ b/2018/8xxx/CVE-2018-8395.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8395", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8395", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file