From f40351c34f0fb0d01c20d94b02b99eccb50cd381 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:54:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0441.json | 260 ++++++++++++------------- 2005/0xxx/CVE-2005-0670.json | 190 +++++++++--------- 2005/0xxx/CVE-2005-0708.json | 120 ++++++------ 2005/0xxx/CVE-2005-0751.json | 34 ++-- 2005/1xxx/CVE-2005-1154.json | 240 +++++++++++------------ 2005/3xxx/CVE-2005-3240.json | 210 ++++++++++---------- 2005/3xxx/CVE-2005-3480.json | 140 +++++++------- 2005/3xxx/CVE-2005-3765.json | 150 +++++++-------- 2005/3xxx/CVE-2005-3824.json | 170 ++++++++--------- 2005/4xxx/CVE-2005-4023.json | 150 +++++++-------- 2005/4xxx/CVE-2005-4474.json | 140 +++++++------- 2005/4xxx/CVE-2005-4678.json | 120 ++++++------ 2005/4xxx/CVE-2005-4762.json | 140 +++++++------- 2005/4xxx/CVE-2005-4861.json | 150 +++++++-------- 2005/4xxx/CVE-2005-4883.json | 120 ++++++------ 2009/0xxx/CVE-2009-0132.json | 180 ++++++++--------- 2009/0xxx/CVE-2009-0415.json | 140 +++++++------- 2009/0xxx/CVE-2009-0443.json | 150 +++++++-------- 2009/0xxx/CVE-2009-0703.json | 150 +++++++-------- 2009/1xxx/CVE-2009-1553.json | 340 ++++++++++++++++----------------- 2009/3xxx/CVE-2009-3028.json | 160 ++++++++-------- 2009/3xxx/CVE-2009-3142.json | 34 ++-- 2009/3xxx/CVE-2009-3171.json | 160 ++++++++-------- 2009/3xxx/CVE-2009-3347.json | 160 ++++++++-------- 2009/4xxx/CVE-2009-4079.json | 190 +++++++++--------- 2009/4xxx/CVE-2009-4303.json | 200 +++++++++---------- 2009/4xxx/CVE-2009-4435.json | 150 +++++++-------- 2009/4xxx/CVE-2009-4849.json | 140 +++++++------- 2012/2xxx/CVE-2012-2543.json | 170 ++++++++--------- 2012/2xxx/CVE-2012-2733.json | 290 ++++++++++++++-------------- 2012/2xxx/CVE-2012-2759.json | 170 ++++++++--------- 2015/1xxx/CVE-2015-1176.json | 160 ++++++++-------- 2015/1xxx/CVE-2015-1449.json | 120 ++++++------ 2015/1xxx/CVE-2015-1460.json | 120 ++++++------ 2015/1xxx/CVE-2015-1610.json | 140 +++++++------- 2015/1xxx/CVE-2015-1983.json | 120 ++++++------ 2015/5xxx/CVE-2015-5570.json | 250 
++++++++++++------------ 2015/5xxx/CVE-2015-5573.json | 240 +++++++++++------------ 2015/5xxx/CVE-2015-5813.json | 200 +++++++++---------- 2018/11xxx/CVE-2018-11627.json | 150 +++++++-------- 2018/3xxx/CVE-2018-3268.json | 142 +++++++------- 2018/3xxx/CVE-2018-3418.json | 34 ++-- 2018/3xxx/CVE-2018-3540.json | 34 ++-- 2018/3xxx/CVE-2018-3821.json | 120 ++++++------ 2018/6xxx/CVE-2018-6127.json | 172 ++++++++--------- 2018/7xxx/CVE-2018-7026.json | 34 ++-- 2018/7xxx/CVE-2018-7412.json | 34 ++-- 2018/8xxx/CVE-2018-8132.json | 240 +++++++++++------------ 2018/8xxx/CVE-2018-8864.json | 132 ++++++------- 2018/8xxx/CVE-2018-8904.json | 120 ++++++------ 50 files changed, 3840 insertions(+), 3840 deletions(-) diff --git a/2005/0xxx/CVE-2005-0441.json b/2005/0xxx/CVE-2005-0441.json index bf5e9dffb85..9bd52eb21a3 100644 --- a/2005/0xxx/CVE-2005-0441.json +++ b/2005/0xxx/CVE-2005-0441.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or \"sa\" role privileges to execute arbitrary code via (5) a crafted install java statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041222 Sybase ASE 12.5.2 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html" - }, - { - "name" : "20050321 Details of Sybase ASE bugs withheld", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/393851" - }, - { - "name" : "20050405 Sybase ASE Multiple Security Issues (#NISR05042005)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111272918117194&w=2" - }, - { - "name" : 
"http://www.ngssoftware.com/advisories/sybase-ase.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/sybase-ase.txt" - }, - { - "name" : "http://www.sybase.com/detail?id=1034520", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1034520" - }, - { - "name" : "http://www.sybase.com/detail?id=1034752", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1034752" - }, - { - "name" : "http://www.sybase.com/detail/1,6904,1033894,00.html", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail/1,6904,1033894,00.html" - }, - { - "name" : "12080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12080" - }, - { - "name" : "13632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13632" - }, - { - "name" : "sybase-adaptive-server(19354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19354" - }, - { - "name" : "sybase-ase-attribvalid-bo(19974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19974" - }, - { - "name" : "sybase-ase-convert-bo(19976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19976" - }, - { - "name" : "sybase-ase-declare-bo(19978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19978" - }, - { - "name" : "sybase-ase-abstract-bo(19979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19979" - }, - { - "name" : "sybase-ase-install-java-bo(19980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to 
execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or \"sa\" role privileges to execute arbitrary code via (5) a crafted install java statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sybase-ase-convert-bo(19976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19976" + }, + { + "name": "sybase-ase-install-java-bo(19980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19980" + }, + { + "name": "http://www.ngssoftware.com/advisories/sybase-ase.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/sybase-ase.txt" + }, + { + "name": "sybase-adaptive-server(19354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19354" + }, + { + "name": "20050321 Details of Sybase ASE bugs withheld", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/393851" + }, + { + "name": "20050405 Sybase ASE Multiple Security Issues (#NISR05042005)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111272918117194&w=2" + }, + { + "name": "sybase-ase-abstract-bo(19979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19979" + }, + { + "name": "http://www.sybase.com/detail/1,6904,1033894,00.html", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail/1,6904,1033894,00.html" + }, + { + "name": "13632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13632" + }, + { + "name": "http://www.sybase.com/detail?id=1034520", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1034520" + }, + { + "name": "http://www.sybase.com/detail?id=1034752", + "refsource": "CONFIRM", + 
"url": "http://www.sybase.com/detail?id=1034752" + }, + { + "name": "12080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12080" + }, + { + "name": "sybase-ase-declare-bo(19978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19978" + }, + { + "name": "sybase-ase-attribvalid-bo(19974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19974" + }, + { + "name": "20041222 Sybase ASE 12.5.2 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0670.json b/2005/0xxx/CVE-2005-0670.json index d8b9678c587..3609ec67f1a 100644 --- a/2005/0xxx/CVE-2005-0670.json +++ b/2005/0xxx/CVE-2005-0670.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=4118", - "refsource" : "CONFIRM", - "url" : "http://forums.phpcoin.com/index.php?showtopic=4118" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=4116", - "refsource" : "CONFIRM", - "url" : "http://forums.phpcoin.com/index.php?showtopic=4116" - }, - { - "name" : "http://forums.phpcoin.com/index.php?showtopic=4101", - "refsource" : "CONFIRM", - 
"url" : "http://forums.phpcoin.com/index.php?showtopic=4101" - }, - { - "name" : "12686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12686" - }, - { - "name" : "1013329", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013329" - }, - { - "name" : "14439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14439" - }, - { - "name" : "phpcoin-xss(19572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14439" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=4118", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=4118" + }, + { + "name": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=4101", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=4101" + }, + { + "name": "1013329", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013329" + }, + { + "name": "12686", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/12686" + }, + { + "name": "http://forums.phpcoin.com/index.php?showtopic=4116", + "refsource": "CONFIRM", + "url": "http://forums.phpcoin.com/index.php?showtopic=4116" + }, + { + "name": "phpcoin-xss(19572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19572" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0708.json b/2005/0xxx/CVE-2005-0708.json index 37dcb1d07f9..7311615ead6 100644 --- a/2005/0xxx/CVE-2005-0708.json +++ b/2005/0xxx/CVE-2005-0708.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-05:02", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-05:02", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0751.json b/2005/0xxx/CVE-2005-0751.json index e4b0454261e..73cc7a9116b 100644 --- a/2005/0xxx/CVE-2005-0751.json +++ b/2005/0xxx/CVE-2005-0751.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0751", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-0751", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1154.json b/2005/1xxx/CVE-2005-1154.json index 28009e41b70..9d04e2d795b 100644 --- a/2005/1xxx/CVE-2005-1154.json +++ b/2005/1xxx/CVE-2005-1154.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-36.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-36.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=289675", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=289675" - }, - { - "name" : "GLSA-200504-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" - }, - { - "name" : "RHSA-2005:383", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-383.html" - }, - { - "name" : "RHSA-2005:386", - 
"refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-386.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "13230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13230" - }, - { - "name" : "oval:org.mitre.oval:def:100022", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022" - }, - { - "name" : "oval:org.mitre.oval:def:10339", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339" - }, - { - "name" : "14938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14938" - }, - { - "name" : "14992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:386", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" + }, + { + "name": "oval:org.mitre.oval:def:100022", + "refsource": "OVAL", + 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022" + }, + { + "name": "14992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14992" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "13230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13230" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "GLSA-200504-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" + }, + { + "name": "14938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14938" + }, + { + "name": "oval:org.mitre.oval:def:10339", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "RHSA-2005:383", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-36.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-36.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=289675", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=289675" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3240.json b/2005/3xxx/CVE-2005-3240.json index c62ac889585..fe7dd2a966a 100644 --- a/2005/3xxx/CVE-2005-3240.json +++ b/2005/3xxx/CVE-2005-3240.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060213 Internet Explorer drag&drop 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424863/100/0/threaded" - }, - { - "name" : "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424940/100/0/threaded" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html" - }, - { - "name" : 
"http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx" - }, - { - "name" : "16352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16352" - }, - { - "name" : "ADV-2006-0553", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0553" - }, - { - "name" : "2707", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2707" - }, - { - "name" : "1015049", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015049" - }, - { - "name" : "18787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18787" - }, - { - "name" : "ie-dragdrop-variant(24648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060213 Internet Explorer drag&drop 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded" + }, + { + "name": "ADV-2006-0553", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0553" + }, + { + "name": "18787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18787" + }, + { + "name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html" + }, + { + "name": "16352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16352" + }, + { + "name": "ie-dragdrop-variant(24648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648" + }, + { + "name": "1015049", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015049" + }, + { + "name": "2707", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2707" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3480.json b/2005/3xxx/CVE-2005-3480.json index addbf6e308b..a9fb4ca3487 100644 --- a/2005/3xxx/CVE-2005-3480.json +++ b/2005/3xxx/CVE-2005-3480.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.procheckup.com/Vulner_PR0413.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulner_PR0413.php" - }, - { - "name" : "20422", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20422" - }, - { - "name" : "17383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.procheckup.com/Vulner_PR0413.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulner_PR0413.php" + }, + { + "name": "17383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17383" + }, + { + "name": "20422", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20422" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3765.json b/2005/3xxx/CVE-2005-3765.json index b3f441234ef..f14a6d60587 100644 --- a/2005/3xxx/CVE-2005-3765.json +++ b/2005/3xxx/CVE-2005-3765.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051119 [security - exponentcms]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417218" - }, - { - "name" : "15503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15503" - }, - { - "name" : "17655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17655" - }, - { - "name" : "17505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary 
code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051119 [security - exponentcms]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417218" + }, + { + "name": "15503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15503" + }, + { + "name": "17655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17655" + }, + { + "name": "17505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17505" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3824.json b/2005/3xxx/CVE-2005-3824.json index 0ddcf6e7143..06395a8b66a 100644 --- a/2005/3xxx/CVE-2005-3824.json +++ b/2005/3xxx/CVE-2005-3824.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113290708121951&w=2" - }, - { - "name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417711/30/0/threaded" - }, - { - "name" : "15569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15569" - }, - { - "name" : "ADV-2005-2569", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2569" - }, - { - "name" : "1015274", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015274" - }, - { - "name" : "17693", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/17693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", + "url": "http://www.securityfocus.com/archive/1/417711/30/0/threaded" + }, + { + "name": "15569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15569" + }, + { + "name": "ADV-2005-2569", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2569" + }, + { + "name": "1015274", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015274" + }, + { + "refsource": "FULLDISC", + "name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", + "url": "http://marc.info/?l=full-disclosure&m=113290708121951&w=2" + }, + { + "name": "17693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17693" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4023.json b/2005/4xxx/CVE-2005-4023.json index 32d46ddba5c..1c7430736b0 100644 --- a/2005/4xxx/CVE-2005-4023.json +++ b/2005/4xxx/CVE-2005-4023.json 
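Review bot: The BUGTRAQ and FULLDISC entries in `reference_data` are written with `refsource` ahead of `name`, while the other four entries in the same array keep the order `name`, `refsource`, `url`, so this record now mixes two key orders. JSON key order carries no meaning, but anything that fingerprints or diffs these records byte-for-byte will see noise unless it canonicalises first. Emitting the entry as `"name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM", "refsource": "BUGTRAQ",` (and the FULLDISC one likewise) keeps the file uniform. The new side also ends with `\ No newline at end of file`, as do the other hunks on this page; restoring the trailing newline would keep the files friendly to line-based tools.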
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051130 Gallery 2.x Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418200/100/0/threaded" - }, - { - "name" : "15614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15614" - }, - { - "name" : "ADV-2005-2681", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2681" - }, - { - "name" : "17747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17747" + }, + { + "name": "15614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15614" + }, + { + "name": "20051130 Gallery 2.x Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded" + }, + { + "name": "ADV-2005-2681", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2681" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4474.json b/2005/4xxx/CVE-2005-4474.json index 4b15bca195b..3741b82b331 100644 --- a/2005/4xxx/CVE-2005-4474.json +++ b/2005/4xxx/CVE-2005-4474.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the \"Add to archive\" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051221 WinRAR - Processing Filename Incorrectly Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420006/100/0/threaded" - }, - { - "name" : "15999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15999" - }, - { - "name" : "290", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the \"Add to archive\" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "290", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/290" + }, + { + "name": "20051221 WinRAR - Processing Filename Incorrectly Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420006/100/0/threaded" + }, + { + "name": "15999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15999" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4678.json b/2005/4xxx/CVE-2005-4678.json index 28e7e6847d2..e7a1b5f40fe 100644 --- a/2005/4xxx/CVE-2005-4678.json +++ b/2005/4xxx/CVE-2005-4678.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17618" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4762.json b/2005/4xxx/CVE-2005-4762.json index 8c6cb0c4e7c..bf57f20cf89 100644 --- a/2005/4xxx/CVE-2005-4762.json +++ b/2005/4xxx/CVE-2005-4762.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA05-99.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/153" - }, - { - "name" : "15052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15052" - }, - { - "name" : "17138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain 
administrative privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "BEA05-99.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/153" + }, + { + "name": "15052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15052" + }, + { + "name": "17138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17138" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4861.json b/2005/4xxx/CVE-2005-4861.json index ed441e00763..c279e7009aa 100644 --- a/2005/4xxx/CVE-2005-4861.json +++ b/2005/4xxx/CVE-2005-4861.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing \"/login.php\" PHP_SELF value, which is not properly handled by the CHECK_AUTH function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050730 RO CP root exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-07/0522.html" - }, - { - "name" : "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6", - "refsource" : "CONFIRM", - "url" : "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6" - }, - { - "name" : "18389", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18389" - }, - { - "name" : "16287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing \"/login.php\" PHP_SELF value, which is not properly handled by the CHECK_AUTH function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050730 RO CP root exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-07/0522.html" + }, + { + "name": "18389", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18389" + }, + { + "name": "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6", + "refsource": "CONFIRM", + "url": "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6" + }, + { + "name": "16287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16287" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4883.json b/2005/4xxx/CVE-2005-4883.json index b07edef8e06..1ba49658ecc 100644 --- a/2005/4xxx/CVE-2005-4883.json +++ b/2005/4xxx/CVE-2005-4883.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid \"connect frames.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html", - "refsource" : "CONFIRM", - "url" : "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid \"connect frames.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html", + "refsource": 
"CONFIRM", + "url": "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0132.json b/2009/0xxx/CVE-2009-0132.json index 5e17ecefba4..1dd53ce8f10 100644 --- a/2009/0xxx/CVE-2009-0132.json +++ b/2009/0xxx/CVE-2009-0132.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trapkit.de/advisories/TKADV2009-001.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2009-001.txt" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1" - }, - { - "name" : "247986", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247986-1" - }, - { - "name" : "33188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33188" - }, - { - "name" : "ADV-2009-0099", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/0099" - }, - { - "name" : "1021553", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021553" - }, - { - "name" : "33516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021553", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021553" + }, + { + "name": "247986", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247986-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1" + }, + { + "name": "33188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33188" + }, + { + "name": "http://www.trapkit.de/advisories/TKADV2009-001.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2009-001.txt" + }, + { + "name": "ADV-2009-0099", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0099" + }, + { + "name": "33516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33516" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0415.json b/2009/0xxx/CVE-2009-0415.json index ff4df2d891a..d9092e440bc 100644 --- a/2009/0xxx/CVE-2009-0415.json 
+++ b/2009/0xxx/CVE-2009-0415.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090129 CVE Request (trickle)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/29/5" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456" - }, - { - "name" : "33516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse 
trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090129 CVE Request (trickle)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/29/5" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456" + }, + { + "name": "33516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33516" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0443.json b/2009/0xxx/CVE-2009-0443.json index 820c29c4e4b..d557c25b746 100644 --- a/2009/0xxx/CVE-2009-0443.json +++ b/2009/0xxx/CVE-2009-0443.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7942", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7942" - }, - { - "name" : "33089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33089" - }, - { - "name" : "51717", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51717" - }, - { - "name" : "33742", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51717", + "refsource": "OSVDB", + "url": "http://osvdb.org/51717" + }, + { + "name": "33742", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33742" + }, + { + "name": "7942", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7942" + }, + { + "name": "33089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33089" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0703.json b/2009/0xxx/CVE-2009-0703.json index eda753a2781..c9dc4786391 100644 --- a/2009/0xxx/CVE-2009-0703.json +++ b/2009/0xxx/CVE-2009-0703.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7635", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7635" - }, - { - "name" : "33084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33084" - }, - { - "name" : "34099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34099" - }, - { - "name" : "webboard-bview-sql-injection(47722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7635", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7635" + }, + { + "name": "33084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33084" + }, + { + "name": "34099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34099" + }, + { + "name": "webboard-bview-sql-injection(47722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47722" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1553.json b/2009/1xxx/CVE-2009-1553.json index b36052f3a33..6f1dce7f198 100644 --- a/2009/1xxx/CVE-2009-1553.json +++ b/2009/1xxx/CVE-2009-1553.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503236/100/0/threaded" - }, - { - "name" : "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/", - "refsource" : "MLIST", - "url" : "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669" - }, - { - "name" : "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/java/com/sun/enterprise/tools/admingui/handlers/CommonHandlers.java", - "refsource" : "MLIST", - "url" : "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668" - }, - { - "name" : "[cvs] 20090322 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/configuration/", - "refsource" : "MLIST", - "url" : "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675" - }, - { - "name" : "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html" - }, - { - "name" : "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=134", - "refsource" : "MISC", - "url" : 
"http://dsecrg.com/pages/vul/show.php?id=134" - }, - { - "name" : "258528", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1" - }, - { - "name" : "JVN#73653977", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN73653977/index.html" - }, - { - "name" : "JVNDB-2009-000027", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html" - }, - { - "name" : "34824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34824" - }, - { - "name" : "34914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34914" - }, - { - "name" : "54249", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54249" - }, - { - "name" : "54250", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54250" - }, - { - "name" : "54251", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54251" - }, - { - "name" : "54252", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54252" - }, - { - "name" : "54253", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54253" - }, - { - "name" : "54254", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54254" - }, - { - "name" : "54255", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54255" - }, - { - "name" : "54256", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54256" - }, - { - "name" : "54257", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54257" - }, - { - "name" : "ADV-2009-1255", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1255" - }, - { - "name" : "glassfish-jsa-admininterface-xss(50453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise 
Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503236/100/0/threaded" + }, + { + "name": "258528", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1" + }, + { + "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html" + }, + { + "name": "54254", + "refsource": "OSVDB", + "url": "http://osvdb.org/54254" + }, + { + "name": "[cvs] 20090322 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/configuration/", + "refsource": "MLIST", + "url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675" + }, + { + "name": "54256", + "refsource": "OSVDB", + "url": "http://osvdb.org/54256" + }, + { + "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html" + }, + { + "name": "54250", + "refsource": "OSVDB", + "url": "http://osvdb.org/54250" + }, + { + "name": "54253", + "refsource": "OSVDB", + "url": "http://osvdb.org/54253" + }, + 
{ + "name": "54257", + "refsource": "OSVDB", + "url": "http://osvdb.org/54257" + }, + { + "name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/", + "refsource": "MLIST", + "url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669" + }, + { + "name": "glassfish-jsa-admininterface-xss(50453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453" + }, + { + "name": "JVNDB-2009-000027", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html" + }, + { + "name": "ADV-2009-1255", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1255" + }, + { + "name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/java/com/sun/enterprise/tools/admingui/handlers/CommonHandlers.java", + "refsource": "MLIST", + "url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668" + }, + { + "name": "54252", + "refsource": "OSVDB", + "url": "http://osvdb.org/54252" + }, + { + "name": "54255", + "refsource": "OSVDB", + "url": "http://osvdb.org/54255" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=134", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=134" + }, + { + "name": "54249", + "refsource": "OSVDB", + "url": "http://osvdb.org/54249" + }, + { + "name": "JVN#73653977", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN73653977/index.html" + }, + { + "name": "54251", + "refsource": "OSVDB", + "url": "http://osvdb.org/54251" + }, + { + "name": "34824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34824" + }, + { + "name": "34914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34914" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3028.json b/2009/3xxx/CVE-2009-3028.json index aaece4f12ad..0a7597c83a2 100644 --- a/2009/3xxx/CVE-2009-3028.json +++ b/2009/3xxx/CVE-2009-3028.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00" - }, - { - "name" : "http://www.symantec.com/business/support/index?page=content&id=TECH44885", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/business/support/index?page=content&id=TECH44885" - }, - { - "name" : "36346", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36346" - }, - { - "name" : "57893", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57893" - }, - { - "name" : "36679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36346" + }, + { + "name": "57893", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57893" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00" + }, + { + "name": "http://www.symantec.com/business/support/index?page=content&id=TECH44885", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/business/support/index?page=content&id=TECH44885" + }, + { + "name": "36679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36679" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3142.json b/2009/3xxx/CVE-2009-3142.json index d5401e26ec6..fcb1f75f3de 100644 
--- a/2009/3xxx/CVE-2009-3142.json +++ b/2009/3xxx/CVE-2009-3142.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3142", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3142", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3171.json b/2009/3xxx/CVE-2009-3171.json index 01e9a4ea7b1..596118a6b76 100644 --- a/2009/3xxx/CVE-2009-3171.json +++ b/2009/3xxx/CVE-2009-3171.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9425", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9425" - }, - { - "name" : "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt" - }, - { - "name" : "33686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33686" - }, - { - "name" : "ADV-2009-2541", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2541" - }, - { - "name" : "gazellecms-user-search-xss(52415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52415" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt" + }, + { + "name": "9425", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9425" + }, + { + "name": "ADV-2009-2541", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2541" + }, + { + "name": "33686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33686" + }, + { + "name": "gazellecms-user-search-xss(52415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52415" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3347.json b/2009/3xxx/CVE-2009-3347.json index abab6898313..b5e1b562c94 100644 --- a/2009/3xxx/CVE-2009-3347.json +++ b/2009/3xxx/CVE-2009-3347.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36237" - }, - { - "name" : "57791", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/57791" - }, - { - "name" : "1022826", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022826" - }, - { - "name" : "36454", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/36454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36237" + }, + { + "name": "57791", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/57791" + }, + { + "name": "1022826", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022826" + }, + { + "name": "36454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36454" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4079.json b/2009/4xxx/CVE-2009-4079.json index 19842de5fb2..88e8f7d0b0b 100644 --- a/2009/4xxx/CVE-2009-4079.json +++ b/2009/4xxx/CVE-2009-4079.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rubyforge.org/frs/shownotes.php?release_id=41440", - "refsource" : "MISC", - "url" : "http://rubyforge.org/frs/shownotes.php?release_id=41440" - }, - { - "name" : "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15", - "refsource" : "MISC", - "url" : "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" - }, - { - "name" : "JVN#87341298", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN87341298/index.html" - }, - { - "name" : "JVNDB-2009-000074", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" - }, - { - "name" : "37066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37066" - }, - { - "name" : "37420", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/37420" - }, - { - "name" : "ADV-2009-3291", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3291" - }, - { - "name" : "redmine-unspecified-csrf(54334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3291" + }, + { + "name": "JVNDB-2009-000074", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" + }, + { + "name": "37066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37066" + }, + { + "name": "redmine-unspecified-csrf(54334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" + }, + { + "name": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15", + "refsource": "MISC", + "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" + }, + { + "name": "JVN#87341298", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN87341298/index.html" + }, + { + "name": "http://rubyforge.org/frs/shownotes.php?release_id=41440", + "refsource": "MISC", + "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" + }, + { + "name": "37420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37420" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/4xxx/CVE-2009-4303.json b/2009/4xxx/CVE-2009-4303.json index a021261ca9f..b7700d1ec20 100644 --- a/2009/4xxx/CVE-2009-4303.json +++ b/2009/4xxx/CVE-2009-4303.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified \"secrets\" in backup files, which might allow attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes" - }, - { - "name" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=139110", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=139110" - }, - { - "name" : "FEDORA-2009-13040", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html" - }, - { - "name" : "FEDORA-2009-13065", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html" - }, - { - "name" : "FEDORA-2009-13080", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html" - }, - { - "name" : "37244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37244" - }, - { - "name" : "37614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37614" - }, - { - "name" : "ADV-2009-3455", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified \"secrets\" in backup files, which might allow attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes" + }, + { + "name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=139110", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=139110" + }, + { + "name": "ADV-2009-3455", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3455" + }, + { + "name": "37614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37614" + }, + { + "name": "FEDORA-2009-13065", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html" + }, + { + "name": 
"FEDORA-2009-13040", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html" + }, + { + "name": "FEDORA-2009-13080", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html" + }, + { + "name": "37244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37244" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4435.json b/2009/4xxx/CVE-2009-4435.json index 1964476d03b..7b9b231330f 100644 --- a/2009/4xxx/CVE-2009-4435.json +++ b/2009/4xxx/CVE-2009-4435.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt" - }, - { - "name" : "10536", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10536" - }, - { - "name" : "37408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37408" - }, - { - "name" : "f3site-nlang-file-include(54908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37408" + }, + { + "name": "f3site-nlang-file-include(54908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54908" + }, + { + "name": "10536", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10536" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4849.json b/2009/4xxx/CVE-2009-4849.json index 6616cf4bbf0..81258b02c9e 100644 --- a/2009/4xxx/CVE-2009-4849.json +++ b/2009/4xxx/CVE-2009-4849.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" - }, - { - "name" : "37359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37359" + }, + { + "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded" + }, + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2543.json b/2012/2xxx/CVE-2012-2543.json index d5736902c38..ec3802fddf2 100644 --- a/2012/2xxx/CVE-2012-2543.json +++ b/2012/2xxx/CVE-2012-2543.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Stack Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-076", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "56431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56431" - }, - { - "name" : "oval:org.mitre.oval:def:15737", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737" - }, - { - "name" : "oval:org.mitre.oval:def:15908", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908" - }, - { - "name" : "1027752", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Stack Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56431" + }, + { + "name": "oval:org.mitre.oval:def:15908", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908" + }, + { + "name": "MS12-076", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076" + }, + { + "name": "oval:org.mitre.oval:def:15737", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737" + }, + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "1027752", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027752" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2733.json b/2012/2xxx/CVE-2012-2733.json index b313b98636f..ab0c6362fbb 100644 --- a/2012/2xxx/CVE-2012-2733.json +++ b/2012/2xxx/CVE-2012-2733.json 
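Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secure@microsoft.com`, which is a change of record content in a commit whose subject is only "-Synchronized-Data." and whose other lines here are separator spacing and reordered `reference_data` entries. The hunk for CVE-2012-2733 does the same with `"ASSIGNER": "secalert@redhat.com"`. Anyone who groups or filters records by assigner will see these two records move, so the reassignment should be named in the commit description or carried in a commit of its own. The `affects` block on the new side still has `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Microsoft Excel and Office products, so matching on the structured fields finds nothing for this record.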
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1350301", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1350301" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1356208", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1356208" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : 
"http://tomcat.apache.org/security-7.html" - }, - { - "name" : "HPSBMU02873", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" - }, - { - "name" : "SSRT101182", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "HPSBUX02866", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "SSRT101139", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "openSUSE-SU-2012:1700", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" - }, - { - "name" : "openSUSE-SU-2012:1701", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" - }, - { - "name" : "openSUSE-SU-2013:0147", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" - }, - { - "name" : "USN-1637-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1637-1" - }, - { - "name" : "56402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56402" - }, - { - "name" : "oval:org.mitre.oval:def:19218", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218" - }, - { - "name" : "1027729", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027729" - }, - { - "name" : "51371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51371" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101139", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "51371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51371" + }, + { + "name": "openSUSE-SU-2012:1700", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" + }, + { + "name": "oval:org.mitre.oval:def:19218", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218" + }, + { + "name": "USN-1637-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1637-1" + }, + { + "name": "SSRT101182", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "HPSBMU02873", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" + }, + { + "name": "56402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56402" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1356208", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1356208" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + 
"url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "openSUSE-SU-2013:0147", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" + }, + { + "name": "HPSBUX02866", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "openSUSE-SU-2012:1701", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1350301", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1350301" + }, + { + "name": "1027729", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027729" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2759.json b/2012/2xxx/CVE-2012-2759.json index 67410cfb4e4..e4ba4f36784 100644 --- a/2012/2xxx/CVE-2012-2759.json +++ b/2012/2xxx/CVE-2012-2759.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.secureworks.com/research/advisories/SWRX-2012-003/", - "refsource" : "MISC", - "url" : "http://www.secureworks.com/research/advisories/SWRX-2012-003/" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset/541069", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/541069" - }, - { - "name" : "http://wordpress.org/extend/plugins/login-with-ajax/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/login-with-ajax/changelog/" - }, - { - "name" : "53423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53423" - }, - { - "name" : "81712", - 
"refsource" : "OSVDB", - "url" : "http://osvdb.org/81712" - }, - { - "name" : "loginwithajax-loginwithajax-xss(75470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plugins.trac.wordpress.org/changeset/541069", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/541069" + }, + { + "name": "53423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53423" + }, + { + "name": "http://wordpress.org/extend/plugins/login-with-ajax/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/login-with-ajax/changelog/" + }, + { + "name": "loginwithajax-loginwithajax-xss(75470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75470" + }, + { + "name": "http://www.secureworks.com/research/advisories/SWRX-2012-003/", + "refsource": "MISC", + "url": "http://www.secureworks.com/research/advisories/SWRX-2012-003/" + }, + { + "name": "81712", + "refsource": "OSVDB", + "url": "http://osvdb.org/81712" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1176.json b/2015/1xxx/CVE-2015-1176.json index e3e26cee66a..bee8f3a8bf3 100644 --- a/2015/1xxx/CVE-2015-1176.json +++ b/2015/1xxx/CVE-2015-1176.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150122 CVE-2015-1176-xss-osticket", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534526/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html" - }, - { - "name" : "https://github.com/osTicket/osTicket-1.8/pull/1639", - "refsource" : "CONFIRM", - "url" : "https://github.com/osTicket/osTicket-1.8/pull/1639" - }, - { - "name" : "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5", - "refsource" : "CONFIRM", - "url" : "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5" - }, - { - 
"name" : "72276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/osTicket/osTicket-1.8/pull/1639", + "refsource": "CONFIRM", + "url": "https://github.com/osTicket/osTicket-1.8/pull/1639" + }, + { + "name": "20150122 CVE-2015-1176-xss-osticket", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534526/100/0/threaded" + }, + { + "name": "72276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72276" + }, + { + "name": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5", + "refsource": "CONFIRM", + "url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1449.json b/2015/1xxx/CVE-2015-1449.json index 7935c25f76a..3731affd542 100644 --- a/2015/1xxx/CVE-2015-1449.json +++ b/2015/1xxx/CVE-2015-1449.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before 
SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1460.json b/2015/1xxx/CVE-2015-1460.json index ff9f0638e3b..6a0d8a4df04 100644 --- a/2015/1xxx/CVE-2015-1460.json +++ b/2015/1xxx/CVE-2015-1460.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1610.json b/2015/1xxx/CVE-2015-1610.json index 84d33e0fa85..93cca010571 100644 --- a/2015/1xxx/CVE-2015-1610.json +++ b/2015/1xxx/CVE-2015-1610.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka \"topology spoofing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf", - "refsource" : "MISC", - "url" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf" - }, - { - "name" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker", - "refsource" : "CONFIRM", - "url" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker" - }, - { - "name" : "73251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hosttracker in 
OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka \"topology spoofing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker", + "refsource": "CONFIRM", + "url": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker" + }, + { + "name": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf", + "refsource": "MISC", + "url": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf" + }, + { + "name": "73251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73251" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1983.json b/2015/1xxx/CVE-2015-1983.json index b8d2534f4cc..ad3db47a5e5 100644 --- a/2015/1xxx/CVE-2015-1983.json +++ b/2015/1xxx/CVE-2015-1983.json 
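Review bot: The `reference_data` array in this hunk holds the same three entries as before (the CONFIRM wiki link, the MISC PDF and BID `73251`), only in a different order, so the reordering adds diff noise without changing content. The CVE-2015-5570, CVE-2015-5573, CVE-2015-5813, CVE-2018-11627 and CVE-2018-3268 hunks show the same reshuffling. If the sync tool controls serialization, emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs limited to real additions and removals. The new side also ends with `\ No newline at end of file`; writing a trailing newline would avoid that marker on every regenerated record.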
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21964316", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21964316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964316", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964316" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5570.json b/2015/5xxx/CVE-2015-5570.json index 2e8db19c1b8..040dbea9014 100644 --- a/2015/5xxx/CVE-2015-5570.json +++ b/2015/5xxx/CVE-2015-5570.json 
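Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `psirt@us.ibm.com`, and it appears to be the only non-whitespace change to the record, yet it sits inside a full-file re-indentation under the subject "-Synchronized-Data.". The CVE-2015-5570 and CVE-2015-5573 hunks (to `psirt@adobe.com`) and the CVE-2015-5813 hunk (to `product-security@apple.com`) do the same. Anyone who uses `ASSIGNER` to attribute a record to its CNA would have to read every reformatted line to spot this. I would land the key/colon reformatting and the assigner reassignment as separate commits, or at least name the reassignment in the commit message, so the provenance change can be audited on its own.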
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-447", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-447" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : 
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76795" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-447", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-447" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "76795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76795" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5573.json b/2015/5xxx/CVE-2015-5573.json index 7a9d79ba49d..3698d7cdd4d 100644 --- a/2015/5xxx/CVE-2015-5573.json +++ b/2015/5xxx/CVE-2015-5573.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76794" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, 
and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "76794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76794" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5813.json b/2015/5xxx/CVE-2015-5813.json index 351ab71e308..99e365d0539 100644 --- a/2015/5xxx/CVE-2015-5813.json +++ b/2015/5xxx/CVE-2015-5813.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : 
"APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:0761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" - }, - { - "name" : "76763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76763" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76763" + }, + { + "name": "openSUSE-SU-2016:0761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11627.json b/2018/11xxx/CVE-2018-11627.json index a26fff116c3..f0006ba9d3e 100644 --- a/2018/11xxx/CVE-2018-11627.json +++ b/2018/11xxx/CVE-2018-11627.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a", - "refsource" : "MISC", - "url" : "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a" - }, - { - "name" : "https://github.com/sinatra/sinatra/issues/1428", - "refsource" : "MISC", - "url" : "https://github.com/sinatra/sinatra/issues/1428" - }, - { - "name" : "RHSA-2019:0212", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0212" - }, - { - "name" : "RHSA-2019:0315", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sinatra before 2.0.2 has XSS via the 400 Bad 
Request page that occurs upon a params parser exception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sinatra/sinatra/issues/1428", + "refsource": "MISC", + "url": "https://github.com/sinatra/sinatra/issues/1428" + }, + { + "name": "RHSA-2019:0315", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0315" + }, + { + "name": "RHSA-2019:0212", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0212" + }, + { + "name": "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a", + "refsource": "MISC", + "url": "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3268.json b/2018/3xxx/CVE-2018-3268.json index 53964f83149..af5ed83667d 100644 --- a/2018/3xxx/CVE-2018-3268.json +++ b/2018/3xxx/CVE-2018-3268.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105604" - }, - { - "name" : "1041895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041895" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105604" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3418.json b/2018/3xxx/CVE-2018-3418.json index ca9da2bf9bd..bfc9274c5fa 100644 --- a/2018/3xxx/CVE-2018-3418.json +++ b/2018/3xxx/CVE-2018-3418.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3418", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3418", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3540.json b/2018/3xxx/CVE-2018-3540.json index 22b2492bf62..085267fd8fe 100644 --- a/2018/3xxx/CVE-2018-3540.json +++ b/2018/3xxx/CVE-2018-3540.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3540",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3540",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3821.json b/2018/3xxx/CVE-2018-3821.json
index de152d63834..3b2288ed2a3 100644
--- a/2018/3xxx/CVE-2018-3821.json
+++ b/2018/3xxx/CVE-2018-3821.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "bressers@elastic.co",
- "ID" : "CVE-2018-3821",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Kibana",
- "version" : {
- "version_data" : [
- {
- "version_value" : "after 5.1.1 and before 5.6.7 and 6.1.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Elastic"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@elastic.co",
+ "ID": "CVE-2018-3821",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kibana",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "after 5.1.1 and before 5.6.7 and 6.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Elastic"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683",
- "refsource" : "CONFIRM",
- "url" : "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683",
+ "refsource": "CONFIRM",
+ "url": "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6127.json b/2018/6xxx/CVE-2018-6127.json
index 94d0cb572b9..a4d563a7c4c 100644
--- a/2018/6xxx/CVE-2018-6127.json
+++ b/2018/6xxx/CVE-2018-6127.json
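Review bot: The `ASSIGNER` value changes from `bressers@elastic.co` to `security@elastic.co` inside a hunk that rewrites all 62 lines for spacing alone, so the one data change in this record is easy to miss. Anything that attributes records to a CNA by matching `ASSIGNER` will see a new value after this sync. The CVE-2018-6127 hunk (`chrome-cve-admin@google.com` to `security@google.com`) and the CVE-2018-8132 hunk (`Secure@Microsoft.com` to `secure@microsoft.com`) do the same. I would land the `"key" : value` to `"key": value` re-serialization as its own commit and keep field changes separate, so a record's diff shows only the data that moved.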
@@ -1,88 +1,88 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "chrome-cve-admin@google.com",
- "ID" : "CVE-2018-6127",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Chrome",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "67.0.3396.62"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use after free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2018-6127",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "67.0.3396.62"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://crbug.com/842990",
- "refsource" : "MISC",
- "url" : "https://crbug.com/842990"
- },
- {
- "name" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html",
- "refsource" : "CONFIRM",
- "url" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
- },
- {
- "name" : "DSA-4237",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4237"
- },
- {
- "name" : "RHSA-2018:1815",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:1815"
- },
- {
- "name" : "104309",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104309"
- },
- {
- "name" : "1041014",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041014"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://crbug.com/842990",
+ "refsource": "MISC",
+ "url": "https://crbug.com/842990"
+ },
+ {
+ "name": "104309",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104309"
+ },
+ {
+ "name": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html",
+ "refsource": "CONFIRM",
+ "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
+ },
+ {
+ "name": "1041014",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041014"
+ },
+ {
+ "name": "RHSA-2018:1815",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:1815"
+ },
+ {
+ "name": "DSA-4237",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4237"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7026.json b/2018/7xxx/CVE-2018-7026.json
index 227c684261a..e5f2bcf3fda 100644
--- a/2018/7xxx/CVE-2018-7026.json
+++ b/2018/7xxx/CVE-2018-7026.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7026",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-7026",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7412.json b/2018/7xxx/CVE-2018-7412.json
index 168e0a817a2..94eb650453b 100644
--- a/2018/7xxx/CVE-2018-7412.json
+++ b/2018/7xxx/CVE-2018-7412.json
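Review bot: This record comes out with a different key order from the other records in the commit: `data_type`, `data_format` and `data_version` precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the neighbouring hunks keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` inside it. Key order carries no meaning in JSON, so this is not a data error, but it suggests the file went through a different writer (not confirmable from the hunk), and tooling that hashes or byte-compares records will report a change where none exists. The new side of every file here also ends with `\ No newline at end of file`. A single canonical output form, sorted keys plus a trailing newline, would keep later syncs down to real changes.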
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7412",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7412",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8132.json b/2018/8xxx/CVE-2018-8132.json
index 8d8ed923c6c..7e147b3d40f 100644
--- a/2018/8xxx/CVE-2018-8132.json
+++ b/2018/8xxx/CVE-2018-8132.json
@@ -1,122 +1,122 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8132",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Windows Server 2016",
- "version" : {
- "version_data" : [
- {
- "version_value" : "(Server Core installation)"
- }
- ]
- }
- },
- {
- "product_name" : "Windows 10",
- "version" : {
- "version_data" : [
- {
- "version_value" : "32-bit Systems"
- },
- {
- "version_value" : "Version 1607 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1607 for x64-based Systems"
- },
- {
- "version_value" : "Version 1703 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1703 for x64-based Systems"
- },
- {
- "version_value" : "Version 1709 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1709 for x64-based Systems"
- },
- {
- "version_value" : "Version 1803 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1803 for x64-based Systems"
- },
- {
- "version_value" : "x64-based Systems"
- }
- ]
- }
- },
- {
- "product_name" : "Windows 10 Servers",
- "version" : {
- "version_data" : [
- {
- "version_value" : "version 1709 (Server Core Installation)"
- },
- {
- "version_value" : "version 1803 (Server Core Installation)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Security Feature Bypass"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8132",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows Server 2016",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "(Server Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "32-bit Systems"
+ },
+ {
+ "version_value": "Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "Version 1703 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1703 for x64-based Systems"
+ },
+ {
+ "version_value": "Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "x64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Servers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1709 (Server Core Installation)"
+ },
+ {
+ "version_value": "version 1803 (Server Core Installation)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132"
- },
- {
- "name" : "104066",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104066"
- },
- {
- "name" : "1040849",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040849"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security Feature Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1040849",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040849"
+ },
+ {
+ "name": "104066",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104066"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8864.json b/2018/8xxx/CVE-2018-8864.json
index a4ef95ce93d..596e2e822a7 100644
--- a/2018/8xxx/CVE-2018-8864.json
+++ b/2018/8xxx/CVE-2018-8864.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "DATE_PUBLIC" : "2018-04-10T00:00:00",
- "ID" : "CVE-2018-8864",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "ATI Emergency Mass Notification Systems",
- "version" : {
- "version_data" : [
- {
- "version_value" : "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Acoustic Technology, Inc. (ATI Systems)"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2018-04-10T00:00:00",
+ "ID": "CVE-2018-8864",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ATI Emergency Mass Notification Systems",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Acoustic Technology, Inc. (ATI Systems)"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
- },
- {
- "name" : "103721",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103721"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "103721",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103721"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8904.json b/2018/8xxx/CVE-2018-8904.json
index 89abdb8098f..76f3da8a90e 100644
--- a/2018/8xxx/CVE-2018-8904.json
+++ b/2018/8xxx/CVE-2018-8904.json
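Review bot: The two `reference_data` entries swap places (old: MISC then BID; new: BID then MISC) with no visible sort key, so a reader has to match entries by hand to confirm that no reference was added or dropped. As far as the visible lines show, the name/url pairs are the same on both sides here, and the same holds for the reordered references in the CVE-2018-6127 and CVE-2018-8132 hunks. Array order is significant in JSON, so the writer should emit references in a stable order, for instance sorted by `refsource` then `name`.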
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8904",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8904",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000",
- "refsource" : "MISC",
- "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000",
+ "refsource": "MISC",
+ "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000"
+ }
+ ]
+ }
+}
\ No newline at end of file