From ec571d8a71a629b773f024f3804a8e33517e5047 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 00:35:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0164.json | 34 +- 2005/0xxx/CVE-2005-0527.json | 210 ++++---- 2005/0xxx/CVE-2005-0656.json | 150 +++--- 2005/1xxx/CVE-2005-1390.json | 34 +- 2005/3xxx/CVE-2005-3117.json | 34 +- 2005/3xxx/CVE-2005-3625.json | 960 +++++++++++++++++------------------ 2005/3xxx/CVE-2005-3739.json | 170 +++---- 2005/3xxx/CVE-2005-3835.json | 140 ++--- 2005/4xxx/CVE-2005-4677.json | 180 +++---- 2005/4xxx/CVE-2005-4831.json | 150 +++--- 2009/0xxx/CVE-2009-0292.json | 140 ++--- 2009/2xxx/CVE-2009-2864.json | 190 +++---- 2009/3xxx/CVE-2009-3054.json | 140 ++--- 2009/3xxx/CVE-2009-3225.json | 140 ++--- 2009/3xxx/CVE-2009-3467.json | 140 ++--- 2009/4xxx/CVE-2009-4087.json | 160 +++--- 2009/4xxx/CVE-2009-4104.json | 150 +++--- 2009/4xxx/CVE-2009-4640.json | 260 +++++----- 2009/4xxx/CVE-2009-4934.json | 140 ++--- 2012/2xxx/CVE-2012-2522.json | 140 ++--- 2012/2xxx/CVE-2012-2554.json | 34 +- 2012/2xxx/CVE-2012-2686.json | 240 ++++----- 2015/0xxx/CVE-2015-0130.json | 120 ++--- 2015/0xxx/CVE-2015-0523.json | 140 ++--- 2015/0xxx/CVE-2015-0955.json | 34 +- 2015/1xxx/CVE-2015-1060.json | 160 +++--- 2015/1xxx/CVE-2015-1368.json | 230 ++++----- 2015/1xxx/CVE-2015-1724.json | 140 ++--- 2015/1xxx/CVE-2015-1904.json | 140 ++--- 2015/5xxx/CVE-2015-5107.json | 140 ++--- 2015/5xxx/CVE-2015-5195.json | 280 +++++----- 2015/5xxx/CVE-2015-5585.json | 34 +- 2015/5xxx/CVE-2015-5872.json | 140 ++--- 2018/3xxx/CVE-2018-3190.json | 158 +++--- 2018/3xxx/CVE-2018-3311.json | 132 ++--- 2018/3xxx/CVE-2018-3481.json | 34 +- 2018/3xxx/CVE-2018-3603.json | 130 ++--- 2018/3xxx/CVE-2018-3733.json | 132 ++--- 2018/6xxx/CVE-2018-6453.json | 34 +- 2018/7xxx/CVE-2018-7063.json | 120 ++--- 2018/7xxx/CVE-2018-7173.json | 120 ++--- 2018/7xxx/CVE-2018-7243.json | 120 ++--- 2018/7xxx/CVE-2018-7357.json | 168 +++--- 2018/7xxx/CVE-2018-7874.json | 130 ++--- 2018/8xxx/CVE-2018-8087.json | 230 ++++----- 
2018/8xxx/CVE-2018-8354.json | 220 ++++---- 2018/8xxx/CVE-2018-8517.json | 544 ++++++++++---------- 2018/8xxx/CVE-2018-8970.json | 140 ++--- 48 files changed, 3953 insertions(+), 3953 deletions(-) diff --git a/2005/0xxx/CVE-2005-0164.json b/2005/0xxx/CVE-2005-0164.json index d124d5603a2..db4f306e628 100644 --- a/2005/0xxx/CVE-2005-0164.json +++ b/2005/0xxx/CVE-2005-0164.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0164", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0164", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0527.json b/2005/0xxx/CVE-2005-0527.json index 931581a54f7..0060997ac6b 100644 --- a/2005/0xxx/CVE-2005-0527.json +++ b/2005/0xxx/CVE-2005-0527.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load \"privileged content\" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka \"Firescrolling.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050225 Firescrolling [Firefox 1.0]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110935267500395&w=2" - }, - { - "name" : "http://www.mikx.de/?p=11", - "refsource" : "MISC", - "url" : "http://www.mikx.de/?p=11" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-27.html" - }, - { - "name" : "GLSA-200503-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" - }, - { - "name" : "GLSA-200503-30", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" - }, - { - "name" 
: "RHSA-2005:176", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "oval:org.mitre.oval:def:100031", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100031" - }, - { - "name" : "oval:org.mitre.oval:def:11772", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11772" - }, - { - "name" : "1013301", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load \"privileged content\" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka \"Firescrolling.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mikx.de/?p=11", + "refsource": "MISC", + "url": "http://www.mikx.de/?p=11" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-27.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-27.html" + }, + { + "name": "1013301", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013301" + }, + { + "name": "20050225 Firescrolling [Firefox 1.0]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110935267500395&w=2" + }, + { + "name": "oval:org.mitre.oval:def:11772", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11772" + }, + { + "name": "RHSA-2005:176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "GLSA-200503-30", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" + }, + { + "name": "GLSA-200503-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" + }, + { + "name": "oval:org.mitre.oval:def:100031", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100031" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0656.json b/2005/0xxx/CVE-2005-0656.json index 982097ac1dd..39fac1af95b 100644 --- a/2005/0xxx/CVE-2005-0656.json +++ b/2005/0xxx/CVE-2005-0656.json 
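Review bot: The `reference_data` array in this hunk comes out in a different order on the new side although the same ten entries are present on both sides, so the whole list shows as changed in what is otherwise a whitespace-only rewrite. The CVE-2005-1390 and CVE-2005-3117 hunks have the same kind of churn at the top level, where `data_type`, `data_format` and `data_version` move ahead of `CVE_data_meta` and `ID` ahead of `ASSIGNER`, while the other records in this commit keep the old key order. With ordering noise like this, a substantive edit such as the `ASSIGNER` value in the CVE-2005-3625 record changing from `cve@mitre.org` to `secalert@redhat.com` is easy to miss for anyone diffing the feed to track record changes. The exporter should presumably emit keys and references in one fixed order (for example sorted by `refsource`, then `name`) and keep the final newline that every rewritten file here loses (`\ No newline at end of file`).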
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050302 Vulnerabilities in Aura CMS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110979842315750&w=2" - }, - { - "name" : "http://echo.or.id/adv/adv011-y3dips-2005.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv011-y3dips-2005.txt" - }, - { - "name" : "1013357", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013357" - }, - { - "name" : "14458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050302 Vulnerabilities in Aura CMS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110979842315750&w=2" + }, + { + "name": "http://echo.or.id/adv/adv011-y3dips-2005.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv011-y3dips-2005.txt" + }, + { + "name": "1013357", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013357" + }, + { + "name": "14458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14458" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1390.json b/2005/1xxx/CVE-2005-1390.json index f0439a89682..7e31c2a1f94 100644 --- a/2005/1xxx/CVE-2005-1390.json +++ b/2005/1xxx/CVE-2005-1390.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1390", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0174. Reason: This candidate is a duplicate of CVE-2005-0174. Notes: All CVE users should reference CVE-2005-0174 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1390", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0174. Reason: This candidate is a duplicate of CVE-2005-0174. Notes: All CVE users should reference CVE-2005-0174 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3117.json b/2005/3xxx/CVE-2005-3117.json index 2516eddff8b..1ae3dc81769 100644 --- a/2005/3xxx/CVE-2005-3117.json +++ b/2005/3xxx/CVE-2005-3117.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3117", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3150. Reason: This candidate was privately assigned by a CNA to an issue, but the issue was published through separate channels and assigned a new identifier by the MITRE CNA, so it is a duplicate of CVE-2005-3150. Notes: All CVE users should reference CVE-2005-3150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-3117", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3150. Reason: This candidate was privately assigned by a CNA to an issue, but the issue was published through separate channels and assigned a new identifier by the MITRE CNA, so it is a duplicate of CVE-2005-3150. Notes: All CVE users should reference CVE-2005-3150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3625.json b/2005/3xxx/CVE-2005-3625.json index b9ebba57d32..b680781785c 100644 --- a/2005/3xxx/CVE-2005-3625.json +++ b/2005/3xxx/CVE-2005-3625.json 
@@ -1,482 +1,482 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scary.beasts.org/security/CESA-2005-003.txt", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2005-003.txt" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20051207-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20051207-2.txt" - }, - { - "name" : "DSA-931", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-931" - }, - { - "name" : "DSA-932", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-932" - }, - { - "name" : "DSA-937", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2005/dsa-937" - }, - { - "name" : "DSA-938", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-938" - }, - { - "name" : "DSA-940", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-940" - }, - { - "name" : "DSA-936", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-936" - }, - { - "name" : "DSA-950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-950" - }, - { - "name" : "DSA-961", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-961" - }, - { - "name" : "DSA-962", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-962" - }, - { - "name" : "FLSA:175404", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" - }, - { - "name" : "FEDORA-2005-025", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html" - }, - { - "name" : "FEDORA-2005-026", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html" - }, - { - "name" : "FLSA-2006:176751", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded" - }, - { - "name" : "GLSA-200601-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml" - }, - { - "name" : "GLSA-200601-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml" - }, - { - "name" : "MDKSA-2006:010", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" - }, - { - "name" : "MDKSA-2006:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003" - }, - { - "name" : "MDKSA-2006:004", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:004" - }, - { - "name" : "MDKSA-2006:005", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005" - }, - { - "name" : "MDKSA-2006:006", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006" - }, - { - "name" : "MDKSA-2006:008", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008" - }, - { - "name" : "MDKSA-2006:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" - }, - { - "name" : "MDKSA-2006:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" - }, - { - "name" : "RHSA-2006:0177", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0177.html" - }, - { - "name" : "RHSA-2006:0160", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0160.html" - }, - { - "name" : "RHSA-2006:0163", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0163.html" - }, - { - "name" : "SCOSA-2006.15", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" - }, - { - "name" : "20051201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U" - }, - { - "name" : "20060101-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" - }, - { - "name" : "20060201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" - }, - { - "name" : "SSA:2006-045-04", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" - }, - { - "name" : "SSA:2006-045-09", - "refsource" : "SLACKWARE", - "url" : 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" - }, - { - "name" : "102972", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" - }, - { - "name" : "SUSE-SA:2006:001", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" - }, - { - "name" : "2006-0002", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0002/" - }, - { - "name" : "USN-236-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/236-1/" - }, - { - "name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html", - "refsource" : "CONFIRM", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html" - }, - { - "name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html", - "refsource" : "CONFIRM", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html" - }, - { - "name" : "16143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16143" - }, - { - "name" : "oval:org.mitre.oval:def:9575", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575" - }, - { - "name" : "ADV-2006-0047", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0047" - }, - { - "name" : "ADV-2007-2280", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2280" - }, - { - "name" : "18303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18303" - }, - { - "name" : "18312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18312" - }, - { - "name" : "18313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18313" - }, - { - "name" : "18329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18329" - }, - { - 
"name" : "18332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18332" - }, - { - "name" : "18334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18334" - }, - { - "name" : "18335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18335" - }, - { - "name" : "18387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18387" - }, - { - "name" : "18416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18416" - }, - { - "name" : "18338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18338" - }, - { - "name" : "18349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18349" - }, - { - "name" : "18375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18375" - }, - { - "name" : "18385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18385" - }, - { - "name" : "18389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18389" - }, - { - "name" : "18423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18423" - }, - { - "name" : "18448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18448" - }, - { - "name" : "18398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18398" - }, - { - "name" : "18407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18407" - }, - { - "name" : "18534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18534" - }, - { - "name" : "18582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18582" - }, - { - "name" : "18517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18517" - }, - { - "name" : "18554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18554" - }, - { - "name" : "18642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18642" - }, - { - "name" : "18644", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18644" - }, - { - "name" : "18674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18674" - }, - { - "name" : "18675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18675" - }, - { - "name" : "18679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18679" - }, - { - "name" : "18908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18908" - }, - { - "name" : "18913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18913" - }, - { - "name" : "19230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19230" - }, - { - "name" : "19377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19377" - }, - { - "name" : "18425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18425" - }, - { - "name" : "18463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18463" - }, - { - "name" : "18147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18147" - }, - { - "name" : "18373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18373" - }, - { - "name" : "18380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18380" - }, - { - "name" : "18414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18414" - }, - { - "name" : "18428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18428" - }, - { - "name" : "18436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18436" - }, - { - "name" : "25729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25729" - }, - { - "name" : "xpdf-ccittfaxdecode-dctdecode-dos(24023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16143" + }, + { + "name": "DSA-932", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-932" + }, + { + "name": "18349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18349" + }, + { + "name": "oval:org.mitre.oval:def:9575", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575" + }, + { + "name": "18147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18147" + }, + { + "name": "SCOSA-2006.15", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" + }, + { + "name": "http://scary.beasts.org/security/CESA-2005-003.txt", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2005-003.txt" + }, + { + "name": "http://www.kde.org/info/security/advisory-20051207-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20051207-2.txt" + }, + { + "name": "18679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18679" + }, + { + "name": "18312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18312" + }, + { + "name": "18644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18644" + }, + { + "name": "USN-236-1", + "refsource": "UBUNTU", + "url": 
"https://usn.ubuntu.com/236-1/" + }, + { + "name": "18425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18425" + }, + { + "name": "18373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18373" + }, + { + "name": "18303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18303" + }, + { + "name": "DSA-931", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-931" + }, + { + "name": "18554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18554" + }, + { + "name": "MDKSA-2006:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003" + }, + { + "name": "19230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19230" + }, + { + "name": "102972", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" + }, + { + "name": "MDKSA-2006:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" + }, + { + "name": "DSA-962", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-962" + }, + { + "name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html", + "refsource": "CONFIRM", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html" + }, + { + "name": "RHSA-2006:0163", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0163.html" + }, + { + "name": "DSA-937", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-937" + }, + { + "name": "18398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18398" + }, + { + "name": "FLSA-2006:176751", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427053/100/0/threaded" + }, + { + "name": "2006-0002", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0002/" + }, + { + "name": 
"SUSE-SA:2006:001", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" + }, + { + "name": "DSA-936", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-936" + }, + { + "name": "FEDORA-2005-026", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html" + }, + { + "name": "18329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18329" + }, + { + "name": "18463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18463" + }, + { + "name": "18642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18642" + }, + { + "name": "18674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18674" + }, + { + "name": "MDKSA-2006:005", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005" + }, + { + "name": "18313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18313" + }, + { + "name": "20051201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U" + }, + { + "name": "20060101-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" + }, + { + "name": "18448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18448" + }, + { + "name": "18436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18436" + }, + { + "name": "18428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18428" + }, + { + "name": "18380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18380" + }, + { + "name": "18423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18423" + }, + { + "name": "18416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18416" + }, + { + "name": "RHSA-2006:0177", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2006-0177.html" + }, + { + "name": "ADV-2007-2280", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2280" + }, + { + "name": "GLSA-200601-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml" + }, + { + "name": "18335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18335" + }, + { + "name": "18407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18407" + }, + { + "name": "18332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18332" + }, + { + "name": "18517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18517" + }, + { + "name": "18582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18582" + }, + { + "name": "18534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18534" + }, + { + "name": "SSA:2006-045-09", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" + }, + { + "name": "xpdf-ccittfaxdecode-dctdecode-dos(24023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24023" + }, + { + "name": "18908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18908" + }, + { + "name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html", + "refsource": "CONFIRM", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html" + }, + { + "name": "25729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25729" + }, + { + "name": "18414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18414" + }, + { + "name": "MDKSA-2006:006", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006" + }, + { + "name": "18338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18338" + 
}, + { + "name": "MDKSA-2006:008", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008" + }, + { + "name": "20060201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" + }, + { + "name": "RHSA-2006:0160", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0160.html" + }, + { + "name": "MDKSA-2006:010", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" + }, + { + "name": "DSA-940", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-940" + }, + { + "name": "MDKSA-2006:004", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004" + }, + { + "name": "ADV-2006-0047", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0047" + }, + { + "name": "GLSA-200601-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml" + }, + { + "name": "18389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18389" + }, + { + "name": "SSA:2006-045-04", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" + }, + { + "name": "19377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19377" + }, + { + "name": "FEDORA-2005-025", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html" + }, + { + "name": "FLSA:175404", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded" + }, + { + "name": "DSA-961", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-961" + }, + { + "name": "18675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18675" + }, + { + "name": "18913", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/18913" + }, + { + "name": "DSA-938", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-938" + }, + { + "name": "18334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18334" + }, + { + "name": "18375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18375" + }, + { + "name": "DSA-950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-950" + }, + { + "name": "18387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18387" + }, + { + "name": "MDKSA-2006:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" + }, + { + "name": "18385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18385" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3739.json b/2005/3xxx/CVE-2005-3739.json index 23756aac12b..8346fbff6e4 100644 --- a/2005/3xxx/CVE-2005-3739.json +++ b/2005/3xxx/CVE-2005-3739.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051118 PHP-Fusion <= 6.00.206 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Nov/0232.html" - }, - { - "name" : "20051119 Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Nov/0237.html" - }, - { - "name" : "http://myblog.it-security23.net/advisories/advisory-6.txt", - "refsource" : "MISC", - "url" : "http://myblog.it-security23.net/advisories/advisory-6.txt" - }, - { - "name" : "ADV-2005-2504", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2504" - }, - { - "name" : "20990", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20990" - }, - { - "name" : "17664", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/17664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051119 Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Nov/0237.html" + }, + { + "name": "http://myblog.it-security23.net/advisories/advisory-6.txt", + "refsource": "MISC", + "url": "http://myblog.it-security23.net/advisories/advisory-6.txt" + }, + { + "name": "20990", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20990" + }, + { + "name": "20051118 PHP-Fusion <= 6.00.206 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Nov/0232.html" + }, + { + "name": "ADV-2005-2504", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2504" + }, + { + "name": "17664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17664" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3835.json b/2005/3xxx/CVE-2005-3835.json index 78c78e7cb3e..eee0b2102c3 100644 --- a/2005/3xxx/CVE-2005-3835.json +++ b/2005/3xxx/CVE-2005-3835.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/desklance-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/desklance-vuln.html" - }, - { - "name" : "ADV-2005-2575", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2575" - }, - { - "name" : "17730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2575", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2575" + }, + { + "name": "17730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17730" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/desklance-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/desklance-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4677.json b/2005/4xxx/CVE-2005-4677.json index c377119a4a4..3d120551c19 100644 --- a/2005/4xxx/CVE-2005-4677.json +++ b/2005/4xxx/CVE-2005-4677.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051006 OScommerce: \"Additional Images\" Module SQL Injection", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0124.html" - }, - { - "name" : "http://www.oscommerce.com/community/contributions,1032", - "refsource" : "MISC", - "url" : "http://www.oscommerce.com/community/contributions,1032" - }, - { - "name" : "15023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15023" - }, - { - "name" : "ADV-2005-1974", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1974" - }, - { - "name" : "19874", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19874" - }, - { - "name" : "17082", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17082" - }, - { - "name" : "oscommerce-productinfo-sql-injection(22528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19874", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19874" + }, + { + "name": "17082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17082" + }, + { + "name": "15023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15023" + }, + { + "name": "ADV-2005-1974", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1974" + }, + { + "name": "20051006 OScommerce: \"Additional Images\" Module SQL Injection", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0124.html" + }, + { + "name": "http://www.oscommerce.com/community/contributions,1032", + "refsource": "MISC", + "url": "http://www.oscommerce.com/community/contributions,1032" + }, + { + "name": "oscommerce-productinfo-sql-injection(22528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22528" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4831.json b/2005/4xxx/CVE-2005-4831.json index ac88375dbec..c0e85fcb488 100644 --- a/2005/4xxx/CVE-2005-4831.json +++ b/2005/4xxx/CVE-2005-4831.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) \"text/html\", or (2) \"image/jpeg\" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070226 ViewCVS 0.9.4 issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/461382/100/0/threaded" - }, - { - "name" : "20050101 Two Vulnerabilities in ViewCVS", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html" - }, - { - "name" : "12112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12112" - }, - { - "name" : "1017704", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1017704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) \"text/html\", or (2) \"image/jpeg\" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050101 Two Vulnerabilities in ViewCVS", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html" + }, + { + "name": "1017704", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017704" + }, + { + "name": "20070226 ViewCVS 0.9.4 issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/461382/100/0/threaded" + }, + { + "name": "12112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12112" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0292.json b/2009/0xxx/CVE-2009-0292.json index da6476dbcca..3dbfacb11b3 100644 --- a/2009/0xxx/CVE-2009-0292.json +++ b/2009/0xxx/CVE-2009-0292.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7874", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7874" - }, - { - "name" : "51615", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51615" - }, - { - "name" : "33660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7874", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7874" + }, + { + "name": "51615", + "refsource": "OSVDB", + "url": "http://osvdb.org/51615" + }, + { + "name": "33660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33660" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2864.json b/2009/2xxx/CVE-2009-2864.json index a3b0020dffb..734fb4d0194 100644 --- a/2009/2xxx/CVE-2009-2864.json +++ b/2009/2xxx/CVE-2009-2864.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-2864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883" - }, - { - "name" : "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml" - }, - { - "name" : "36496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36496" - }, - { - "name" : "58344", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58344" - }, - { - "name" : "1022931", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022931" - }, - { - "name" : "36836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36836" - }, - { - "name" : "ADV-2009-2757", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2757" - }, - { - "name" : "cisco-ucm-sip-dos(53447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58344", + "refsource": "OSVDB", + "url": "http://osvdb.org/58344" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883" + }, + { + "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml" + }, + { + "name": "1022931", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022931" + }, + { + "name": "36836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36836" + }, + { + "name": "ADV-2009-2757", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2757" + }, + { + "name": "cisco-ucm-sip-dos(53447)", + "refsource": "XF", 
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447" + }, + { + "name": "36496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36496" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3054.json b/2009/3xxx/CVE-2009-3054.json index eb8f71677be..37e9b55a9cb 100644 --- a/2009/3xxx/CVE-2009-3054.json +++ b/2009/3xxx/CVE-2009-3054.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9563", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9563" - }, - { - "name" : "36206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36206" - }, - { - "name" : "artportal-portalid-sql-injection(52962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "artportal-portalid-sql-injection(52962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52962" + }, + { + "name": "9563", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9563" + }, + { + "name": "36206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36206" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3225.json b/2009/3xxx/CVE-2009-3225.json index 1abcca56632..2843e812d78 100644 --- a/2009/3xxx/CVE-2009-3225.json +++ b/2009/3xxx/CVE-2009-3225.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt" - }, - { - "name" : "35816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35816" - }, - { - "name" : "36003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt" + }, + { + "name": "36003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36003" + }, + { + "name": "35816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35816" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3467.json b/2009/3xxx/CVE-2009-3467.json index ecdcdfa647d..6d15ca89c11 100644 --- a/2009/3xxx/CVE-2009-3467.json +++ b/2009/3xxx/CVE-2009-3467.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2009-3467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-11.html" - }, - { - "name" : "39790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39790" - }, - { - "name" : "ADV-2010-1127", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML 
via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39790" + }, + { + "name": "ADV-2010-1127", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1127" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-11.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4087.json b/2009/4xxx/CVE-2009-4087.json index 48202746778..2718a8af9a1 100644 --- a/2009/4xxx/CVE-2009-4087.json +++ b/2009/4xxx/CVE-2009-4087.json 
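Review bot: `ASSIGNER` changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, and that attribution change is the one semantic edit inside a 72-line whitespace rewrite that the subject "-Synchronized-Data." does not mention. The same kind of change appears in CVE-2012-2522 (`secure@microsoft.com`), CVE-2012-2686 (`secalert@redhat.com`) and CVE-2015-0130 (`psirt@us.ibm.com`). Consumers that filter or trust records by assigner will see these records change owner. The commit description should list the reassigned IDs, or the reformat should land separately from the data change, so the reassignment can be audited on its own.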
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt" - }, - { - "name" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/", - "refsource" : "CONFIRM", - "url" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/" - }, - { - "name" : "60213", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60213" - }, - { - "name" : "37391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37391" - }, - { - "name" : "teleparkwiki-index-xss(54293)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/54293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/", + "refsource": "CONFIRM", + "url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/" + }, + { + "name": "37391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37391" + }, + { + "name": "teleparkwiki-index-xss(54293)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293" + }, + { + "name": "60213", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60213" + }, + { + "name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4104.json b/2009/4xxx/CVE-2009-4104.json index e8b98d2d6ee..3303022563c 100644 --- a/2009/4xxx/CVE-2009-4104.json +++ b/2009/4xxx/CVE-2009-4104.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityreason.com/exploitalert/7480", - "refsource" : "MISC", - "url" : "http://securityreason.com/exploitalert/7480" - }, - { - "name" : "37140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37140" - }, - { - "name" : "60518", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60518" - }, - { - "name" : "37499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37140" + }, + { + "name": "60518", + "refsource": "OSVDB", + "url": "http://osvdb.org/60518" + }, + { + "name": "http://securityreason.com/exploitalert/7480", + "refsource": "MISC", + "url": "http://securityreason.com/exploitalert/7480" + }, + { + "name": "37499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37499" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4640.json b/2009/4xxx/CVE-2009-4640.json index a576e42f774..ab3b9c2094f 100644 --- a/2009/4xxx/CVE-2009-4640.json +++ b/2009/4xxx/CVE-2009-4640.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" - }, - { - "name" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", - "refsource" : "MISC", - "url" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" - }, - { - "name" : "DSA-2000", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2000" - }, - { - "name" : "MDVSA-2011:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" - }, - { - "name" : "MDVSA-2011:061", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" - }, - { - "name" : "MDVSA-2011:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" - }, - { - "name" : "MDVSA-2011:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" - }, - { - "name" : "MDVSA-2011:114", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" - }, - { - "name" : "USN-931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-931-1" - }, - { - "name" : "36465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36465" - }, - { - "name" : "36805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36805" - }, - { - "name" : "38643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38643" - }, - { - "name" : "39482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39482" - }, - { - "name" : "ADV-2010-0935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0935" - }, - { - "name" : "ADV-2011-1241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" + }, + { + "name": "36805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36805" + }, + { + "name": "36465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36465" + }, + { + "name": "39482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39482" + }, + { + "name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", + "refsource": "MISC", + "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" + }, + { + "name": "MDVSA-2011:061", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" + }, + { + "name": "MDVSA-2011:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" + }, + { + "name": "MDVSA-2011:114", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" + }, + { + "name": "38643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38643" + }, + { + "name": "ADV-2011-1241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1241" + }, + { + "name": "MDVSA-2011:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" + }, + { + "name": "DSA-2000", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2000" + }, + { + "name": "USN-931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-931-1" + }, + { + 
"name": "ADV-2010-0935", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0935" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4934.json b/2009/4xxx/CVE-2009-4934.json index be0d8c08473..f8e1471551c 100644 --- a/2009/4xxx/CVE-2009-4934.json +++ b/2009/4xxx/CVE-2009-4934.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt" - }, - { - "name" : "34625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34625" - }, - { - "name" : "34825", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34625" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt" + }, + { + "name": "34825", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34825" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2522.json b/2012/2xxx/CVE-2012-2522.json index ff41d0e65fd..b8d3f18f395 100644 --- a/2012/2xxx/CVE-2012-2522.json +++ b/2012/2xxx/CVE-2012-2522.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka \"Virtual Function Table Corruption Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052" - }, - { - "name" : "TA12-227A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15498", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet 
Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka \"Virtual Function Table Corruption Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS12-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052" + }, + { + "name": "oval:org.mitre.oval:def:15498", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15498" + }, + { + "name": "TA12-227A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2554.json b/2012/2xxx/CVE-2012-2554.json index f915fd68b85..640e6f0e036 100644 --- a/2012/2xxx/CVE-2012-2554.json +++ b/2012/2xxx/CVE-2012-2554.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2554", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2554", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2686.json b/2012/2xxx/CVE-2012-2686.json index a69b52be52b..3a09d44e595 100644 --- a/2012/2xxx/CVE-2012-2686.json +++ b/2012/2xxx/CVE-2012-2686.json 
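Review bot: This REJECT record is serialized with a different top-level key order from the other files in the commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the PUBLIC records keep `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON key order carries no meaning, so the content is unchanged, but the difference suggests that two writers or two code paths produced this batch. Emitting every record through one serializer with a fixed key order would keep diffs comparable and byte-level hashes of records reproducible.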
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721", - "refsource" : "CONFIRM", - "url" : "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721" - }, - { - "name" : "http://www.openssl.org/news/secadv_20130204.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20130204.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=908029", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=908029" - }, - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, 
- { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - }, - { - "name" : "HPSBUX02909", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545771702053&w=2" - }, - { - "name" : "SSRT101289", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545771702053&w=2" - }, - { - "name" : "57755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57755" - }, - { - "name" : "oval:org.mitre.oval:def:18868", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868" - }, - { - "name" : "oval:org.mitre.oval:def:19660", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660" - }, - { - "name" : "55108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55108" - }, - { - "name" : "55139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57755" + }, + { + "name": "55139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55139" + }, + { + "name": "http://www.openssl.org/news/secadv_20130204.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20130204.txt" + }, + { + "name": "oval:org.mitre.oval:def:18868", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868" + }, + { + "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721", + "refsource": "CONFIRM", + "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721" + }, + { + "name": "SSRT101289", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001" + }, + { + "name": "HPSBUX02909", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2" + }, + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "55108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55108" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=908029", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908029" + }, + { + "name": "oval:org.mitre.oval:def:19660", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0130.json b/2015/0xxx/CVE-2015-0130.json index e7d6b5325c7..d83755edd0e 100644 --- a/2015/0xxx/CVE-2015-0130.json +++ b/2015/0xxx/CVE-2015-0130.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960407", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0523.json b/2015/0xxx/CVE-2015-0523.json index 4563f7a092f..ab796882520 100644 --- a/2015/0xxx/CVE-2015-0523.json 
+++ b/2015/0xxx/CVE-2015-0523.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150311 ESA-2015-014: RSA Digital Certificate Solution Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/Mar/47" - }, - { - "name" : "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" - }, - { - "name" : "1031912", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150311 ESA-2015-014: RSA Digital Certificate Solution Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/Mar/47" + }, + { + "name": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" + }, + { + "name": "1031912", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031912" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0955.json b/2015/0xxx/CVE-2015-0955.json index 15779229472..8b4a103b759 100644 --- a/2015/0xxx/CVE-2015-0955.json +++ b/2015/0xxx/CVE-2015-0955.json 
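Review bot: In the CVE-2015-0523 record, `vendor_name`, `product_name` and `version_value` are still `"n/a"` on the new side, although this hunk now sets `ASSIGNER` to `security_alert@emc.com` and the description names EMC RSA Certificate Manager and RSA Registration Manager before 6.9 build 558. Tooling that matches affected software against the `affects` block will therefore never match this record, because the product and the fixed build appear only in the free-text `description`. The other PUBLIC records in this patch that gain a vendor `ASSIGNER` (CVE-2015-1724, CVE-2015-1904, CVE-2015-5107, CVE-2015-5195, CVE-2015-5872) carry the same `"n/a"` placeholders. I would fill the block from the description, for example `"vendor_name": "EMC"` and `"product_name": "RSA Certificate Manager"` (values to be confirmed by the assigner), or state in the feed documentation that `affects` is not authoritative for these records.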
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0955", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0955. Reason: This candidate is a duplicate of CVE-2016-0955. Notes: All CVE users should reference CVE-2016-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0955", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0955. Reason: This candidate is a duplicate of CVE-2016-0955. Notes: All CVE users should reference CVE-2016-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1060.json b/2015/1xxx/CVE-2015-1060.json index 8a043b0594e..6a11b0f4c1c 100644 --- a/2015/1xxx/CVE-2015-1060.json +++ b/2015/1xxx/CVE-2015-1060.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35710", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35710" - }, - { - "name" : "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php" - }, - { - "name" : "116721", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116721" - }, - { - "name" : "adaptcms-referer-open-redirect(99618)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adaptcms-referer-open-redirect(99618)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99618" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php" + }, + { + "name": "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html" + }, + { + "name": "116721", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116721" + }, + { + "name": "35710", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35710" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1368.json b/2015/1xxx/CVE-2015-1368.json index 82a45bd56ef..4381137447a 100644 --- a/2015/1xxx/CVE-2015-1368.json +++ b/2015/1xxx/CVE-2015-1368.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534464/100/0/threaded" - }, - { - "name" : "35786", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35786" - }, - { - "name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/52" - }, - { - "name" : 
"http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt" - }, - { - "name" : "72023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72023" - }, - { - "name" : "116961", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116961" - }, - { - "name" : "116962", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116962" - }, - { - "name" : "116963", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116963" - }, - { - "name" : "116964", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116964" - }, - { - "name" : "116965", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116965" - }, - { - "name" : "ansibletower-orderbynextrun-xss(99924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ansibletower-orderbynextrun-xss(99924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99924" + }, + { + "name": "116963", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116963" + }, + { + "name": "116962", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116962" + }, + { + "name": "116961", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116961" + }, + { + "name": "72023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72023" + }, + { + "name": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html" + }, + { + "name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534464/100/0/threaded" + }, + { + "name": "116964", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116964" + }, + { + "name": "116965", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116965" + }, + { + "name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/52" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt" + }, + { + "name": "35786", + 
"refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35786" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1724.json b/2015/1xxx/CVE-2015-1724.json index 2d9236f8a85..653b6904263 100644 --- a/2015/1xxx/CVE-2015-1724.json +++ b/2015/1xxx/CVE-2015-1724.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Microsoft Windows Kernel Object Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38272", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38272/" - }, - { - "name" : "MS15-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061" - }, - { - "name" : "1032525", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Microsoft Windows Kernel Object Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032525", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032525" + }, + { + "name": "38272", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38272/" + }, + { + "name": "MS15-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1904.json b/2015/1xxx/CVE-2015-1904.json index 5d2252c0e3f..789a12c641f 100644 --- a/2015/1xxx/CVE-2015-1904.json +++ b/2015/1xxx/CVE-2015-1904.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960293", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960293" - }, - { - "name" : "JR53209", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209" - }, - { - "name" : "1033159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960293", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960293" + }, + { + "name": "JR53209", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209" + }, + { + "name": "1033159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033159" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5107.json b/2015/5xxx/CVE-2015-5107.json index a232579b6a8..3ced648d365 100644 --- a/2015/5xxx/CVE-2015-5107.json +++ b/2015/5xxx/CVE-2015-5107.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-371", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-371" - }, - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe 
Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-371", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-371" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5195.json b/2015/5xxx/CVE-2015-5195.json index 832153ea1c2..79ddb80676e 100644 --- a/2015/5xxx/CVE-2015-5195.json +++ b/2015/5xxx/CVE-2015-5195.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150825 Several low impact ntp.org ntpd issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/25/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1254544", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1254544" - }, - { - "name" : "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be", - "refsource" : "CONFIRM", - "url" : "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157", - "refsource" : "CONFIRM", - "url" : 
"https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21985122", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21985122" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21986956", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21986956" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21988706", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21988706" - }, - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989542", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989542" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "DSA-3388", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3388" - }, - { - "name" : "FEDORA-2015-14212", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html" - }, - { - "name" : "FEDORA-2015-14213", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html" - }, - { - "name" : "FEDORA-2015-77bfbc1bcd", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" - }, - { - "name" : "RHSA-2016:0780", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0780.html" - }, - { - "name" : "RHSA-2016:2583", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2583.html" - }, - { - "name" : "USN-2783-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2783-1" - }, - { - "name" : 
"76474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be", + "refsource": "CONFIRM", + "url": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be" + }, + { + "name": "USN-2783-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2783-1" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706" + }, + { + "name": "RHSA-2016:2583", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2016-2583.html" + }, + { + "name": "FEDORA-2015-77bfbc1bcd", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" + }, + { + "name": "RHSA-2016:0780", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html" + }, + { + "name": "DSA-3388", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3388" + }, + { + "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3" + }, + { + "name": "76474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76474" + }, + { + "name": "FEDORA-2015-14212", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122" + }, + { + "name": "FEDORA-2015-14213", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5585.json b/2015/5xxx/CVE-2015-5585.json index 9b85632647a..12247656687 100644 --- a/2015/5xxx/CVE-2015-5585.json +++ b/2015/5xxx/CVE-2015-5585.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5585", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5585", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5872.json b/2015/5xxx/CVE-2015-5872.json index a5f404e739a..584efc10c03 100644 --- a/2015/5xxx/CVE-2015-5872.json +++ b/2015/5xxx/CVE-2015-5872.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via 
unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3190.json b/2018/3xxx/CVE-2018-3190.json index f1ed640afe8..498f532d82e 100644 --- a/2018/3xxx/CVE-2018-3190.json +++ b/2018/3xxx/CVE-2018-3190.json 
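Review bot: The `affects` block in 2015/5xxx/CVE-2015-5872.json still carries `n/a` for `vendor_name`, `product_name` and `version_value` on the new side, even though this hunk reassigns `ASSIGNER` to `product-security@apple.com`. The affected product therefore appears only in the free-text description, and tooling that matches records on the structured fields will not associate this entry with Apple OS X before 10.11. If the CNA confirms it, the values the description already gives would fit: `"vendor_name": "Apple"`, `"product_name": "OS X"`, `"version_value": "before 10.11"`. Until then, consumers should fall back to the description text for records whose `affects` fields are `n/a`.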
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "E-Business Intelligence", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E-Business Intelligence", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105629" - }, - { - "name" : "1041897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105629" + }, + { + "name": "1041897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3311.json b/2018/3xxx/CVE-2018-3311.json index d8b523b8b08..05f25eeaaf3 100644 --- a/2018/3xxx/CVE-2018-3311.json +++ b/2018/3xxx/CVE-2018-3311.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MICROS Xstore Payment", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "3.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MICROS Xstore Payment", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "106566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106566" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3481.json b/2018/3xxx/CVE-2018-3481.json index 640b4e06ae8..de10720aad9 100644 --- a/2018/3xxx/CVE-2018-3481.json +++ b/2018/3xxx/CVE-2018-3481.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3481",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3481",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3603.json b/2018/3xxx/CVE-2018-3603.json
index a6f8e1a4af2..7c3490f1e05 100644
--- a/2018/3xxx/CVE-2018-3603.json
+++ b/2018/3xxx/CVE-2018-3603.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-3603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Control Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-3603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Control Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-112/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-112/" - }, - { - "name" : "https://success.trendmicro.com/solution/1119158", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code 
on vulnerable installations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/" + }, + { + "name": "https://success.trendmicro.com/solution/1119158", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119158" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3733.json b/2018/3xxx/CVE-2018-3733.json index 81996bd6b4b..ff66fd5fa74 100644 --- a/2018/3xxx/CVE-2018-3733.json +++ b/2018/3xxx/CVE-2018-3733.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "crud-file-server node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 0.9.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "crud-file-server node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 0.9.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82", - "refsource" : "MISC", - "url" : "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82" - }, - { - "name" : "https://hackerone.com/reports/310690", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/310690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/310690", + "refsource": "MISC", + "url": "https://hackerone.com/reports/310690" + }, + { + "name": "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82", + "refsource": "MISC", + "url": "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6453.json b/2018/6xxx/CVE-2018-6453.json index 18c0421caba..b50e3fd505d 100644 --- a/2018/6xxx/CVE-2018-6453.json +++ b/2018/6xxx/CVE-2018-6453.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6453",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6453",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7063.json b/2018/7xxx/CVE-2018-7063.json
index a2dd07a4208..926e98aa38a 100644
--- a/2018/7xxx/CVE-2018-7063.json
+++ b/2018/7xxx/CVE-2018-7063.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aruba ClearPass Policy Manager", - "version" : { - "version_data" : [ - { - "version_value" : "ClearPass 6.7.x prior to 6.7.6, ClearPass 6.6.10 and earlier without hotfix applied" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote access restriction bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "ClearPass 6.7.x prior to 6.7.6, ClearPass 6.6.10 and earlier without hotfix applied" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt", - "refsource" : "CONFIRM", - "url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote access restriction bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt", + "refsource": "CONFIRM", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7173.json b/2018/7xxx/CVE-2018-7173.json index f3fc5f7b91e..1dc02f171ad 100644 
--- a/2018/7xxx/CVE-2018-7173.json +++ b/2018/7xxx/CVE-2018-7173.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7243.json b/2018/7xxx/CVE-2018-7243.json index e1d6be5228c..aa3f39e0d57 100644 --- a/2018/7xxx/CVE-2018-7243.json +++ b/2018/7xxx/CVE-2018-7243.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "ID" : "CVE-2018-7243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", - "version" : { - "version_data" : [ - { - "version_value" : "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authorization Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "ID": "CVE-2018-7243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", + "version": { + "version_data": [ + { + "version_value": "MGE Network Management Card Transverse, part number: SF66074. 
All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7357.json b/2018/7xxx/CVE-2018-7357.json index 64233f8abfd..c5195a65c05 100644 --- a/2018/7xxx/CVE-2018-7357.json +++ b/2018/7xxx/CVE-2018-7357.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@zte.com.cn", - "ID" : "CVE-2018-7357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ZXHN H168N", - "version" : { - "version_data" : [ - { - "version_value" : "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T" - } - ] - } - } - ] - }, - "vendor_name" : "ZTE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization\n" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@zte.com.cn", + "ID": "CVE-2018-7357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ZXHN H168N", + "version": { + "version_data": [ + { + "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T" + } + ] + } + } + ] + }, + "vendor_name": "ZTE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45972", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45972/" - }, - { - "name" : 
"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523", - "refsource" : "CONFIRM", - "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization\n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45972", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45972/" + }, + { + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523", + "refsource": "CONFIRM", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7874.json b/2018/7xxx/CVE-2018-7874.json index 133428b0c72..c79436cbec4 100644 --- a/2018/7xxx/CVE-2018-7874.json +++ b/2018/7xxx/CVE-2018-7874.json 
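Review bot: The `problemtype` value on the new side still ends in an escaped newline, `"value": "Improper Authorization\n"`; the re-indent carries it over unchanged. Any consumer that classifies records by exact string match on this field (for example when mapping to a weakness category) will miss this entry unless it trims whitespace first. The line should read `"value": "Improper Authorization"`.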
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260" - }, - { - "name" : "https://github.com/libming/libming/issues/115", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260" + }, + { + "name": "https://github.com/libming/libming/issues/115", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/115" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8087.json b/2018/8xxx/CVE-2018-8087.json index ff19e3658df..d352e43ce22 100644 --- a/2018/8xxx/CVE-2018-8087.json +++ b/2018/8xxx/CVE-2018-8087.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51" - }, - { - "name" : "DSA-4188", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4188" - }, - { - "name" : "USN-3676-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3676-1/" - }, - { - "name" : "USN-3676-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3676-2/" - }, - { - "name" : "USN-3677-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3677-1/" - }, - { - "name" : "USN-3677-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3677-2/" - }, - { - "name" : "USN-3678-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3678-1/" - }, - { - "name" : "USN-3678-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3678-2/" - }, - { - "name" : "USN-3678-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3678-3/" - }, - { - "name" : "USN-3678-4", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3678-4/" - }, - { - "name" : "103397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3676-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3676-1/" + }, + { + "name": "USN-3678-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3678-2/" + }, + { + "name": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51" + }, + { + "name": "USN-3678-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3678-1/" + }, + { + "name": "USN-3677-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3677-1/" + }, + { + "name": "103397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103397" + }, + { + "name": "DSA-4188", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4188" + }, + { + "name": "USN-3678-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3678-3/" + }, + { + "name": "USN-3677-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3677-2/" + }, + { + "name": "USN-3676-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3676-2/" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51" + }, + { + "name": "USN-3678-4", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3678-4/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8354.json b/2018/8xxx/CVE-2018-8354.json index 9039ed41ab3..76b4f6dc95a 100644 --- a/2018/8xxx/CVE-2018-8354.json +++ b/2018/8xxx/CVE-2018-8354.json 
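Review bot: `reference_data` comes out in a different order on the new side (it now starts with USN-3676-1, USN-3678-2, then the GitHub commit) although no entry is added or removed, and the new order follows neither `refsource` nor `name`. If the exporter iterates an unordered collection (inferred, since the generator is not visible here), every sync can reshuffle the list and hide a real reference addition or removal in the noise. Sorting by `refsource` and then `name` before serialising would make the output deterministic and keep advisory changes reviewable. The CVE-2018-8354 hunk shows the same reshuffle.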
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354" - }, - { - "name" : "105232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105232" - }, - { - "name" : "1041623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105232" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354" + }, + { + "name": "1041623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041623" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8517.json b/2018/8xxx/CVE-2018-8517.json index 09c0fa7008e..873e8a36dd2 100644 --- a/2018/8xxx/CVE-2018-8517.json +++ b/2018/8xxx/CVE-2018-8517.json 
@@ -1,274 +1,274 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft .NET Framework", - "version" : { - "version_data" : [ - { - "version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "3.5 on Windows Server 2012" - }, - { - "version_value" : "3.5 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2016" - }, - { - "version_value" : "3.5 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2019" - }, - { - "version_value" : "3.5 on Windows Server 2019 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "3.5 on Windows 
Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.5.2 on Windows RT 8.1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 
1607 for x64-based Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based 
Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "4.7.2 on Windows Server 2019" - }, - { - "version_value" : "4.7.2 on Windows Server 2019 (Server Core installation)" - }, - { - "version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka \".NET Framework Denial Of Service Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework", + "version": { + "version_data": [ + { + "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "3.5 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "3.5 on Windows Server 2012" + }, + { + "version_value": "3.5 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2012 R2" + }, + { + "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2016" + }, + { + "version_value": "3.5 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2019" + }, + { + "version_value": "3.5 on Windows Server 2019 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server, version 
1709 (Server Core Installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.5.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.5.2 on Windows RT 8.1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012" + }, + { + "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + 
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "4.7.2 on 
Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "4.7.2 on Windows Server 2019" + }, + { + "version_value": "4.7.2 on Windows Server 2019 (Server Core installation)" + }, + { + "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517" - }, - { - "name" : "106075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka \".NET Framework Denial Of Service Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517" + }, + { + "name": "106075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106075" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8970.json b/2018/8xxx/CVE-2018-8970.json index 9ee6544c791..664ea7fbdd2 100644 --- a/2018/8xxx/CVE-2018-8970.json +++ b/2018/8xxx/CVE-2018-8970.json 
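Review bot: Several `version_value` strings and the description carry a slash-separated list with a repeated entry, `4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2`, where `4.7.1` appears twice; the new side keeps it as is. If the repetition is not intended by the assigner, the list would read `4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2`. Tools that split these strings on `/` to build an affected-version set should de-duplicate the result. They should also expect framework version and host OS to be packed into one free-text value ("… on Windows …") rather than separate fields.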
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8970",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8970",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff",
- "refsource" : "MISC",
- "url" : "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
- },
- {
- "name" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt",
- "refsource" : "MISC",
- "url" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
- },
- {
- "name" : "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42",
- "refsource" : "MISC",
- "url" : "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42",
+ "refsource": "MISC",
+ "url": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
+ },
+ {
+ "name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt",
+ "refsource": "MISC",
+ "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
+ },
+ {
+ "name": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff",
+ "refsource": "MISC",
+ "url": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
+ }
+ ]
+ }
+}
\ No newline at end of file