diff --git a/1999/1xxx/CVE-1999-1110.json b/1999/1xxx/CVE-1999-1110.json
index af2973d8197..e48f42225da 100644
--- a/1999/1xxx/CVE-1999-1110.json
+++ b/1999/1xxx/CVE-1999-1110.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19991114 IE 5.0 and Windows Media Player ActiveX object allow checking the existence of local files and directories", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/34675" - }, - { - "name" : "793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/793" + }, + { + "name": "19991114 IE 5.0 and Windows Media Player ActiveX object allow checking the existence of local files and directories", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/34675" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1251.json b/2000/1xxx/CVE-2000-1251.json index 10468b2d815..65b45867687 100644 --- a/2000/1xxx/CVE-2000-1251.json +++ b/2000/1xxx/CVE-2000-1251.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1251", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1251", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0502.json b/2005/0xxx/CVE-2005-0502.json index 8deb0117f9d..af7c7d37ee9 100644 --- a/2005/0xxx/CVE-2005-0502.json +++ b/2005/0xxx/CVE-2005-0502.json 
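Review bot: Two changes ride along with the `" : "` → `": "` separator normalisation in CVE-1999-1110.json and are not whitespace: the `reference_data` entries are reordered (BID `793` now precedes the BUGTRAQ entry) and the file loses its final newline (`\ No newline at end of file`). The same reordering is visible in later hunks, e.g. CVE-2005-0502, CVE-2005-3135 and CVE-2005-4437, and the newline loss in every file shown. If the reordering is not intended, emit the references in a stable order (for example the original one) and end each file with a newline after the closing `}`, so that consumers who diff or hash records to detect changed advisories see only real content changes. Whether any downstream tooling depends on reference order cannot be told from this diff.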
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\\ characters in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/xinkaa-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/xinkaa-adv.txt" - }, - { - "name" : "12606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12606" - }, - { - "name" : "ADV-2005-0189", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0189" - }, - { - "name" : "14349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14349" - }, - { - "name" : "xinkaa-web-directory-traversal(19404)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\\ characters in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/xinkaa-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/xinkaa-adv.txt" + }, + { + "name": "14349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14349" + }, + { + "name": "12606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12606" + }, + { + "name": "ADV-2005-0189", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0189" + }, + { + "name": "xinkaa-web-directory-traversal(19404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19404" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2138.json b/2005/2xxx/CVE-2005-2138.json index 805f16627ba..b24ea4a35de 100644 --- a/2005/2xxx/CVE-2005-2138.json +++ b/2005/2xxx/CVE-2005-2138.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an \"A\" tag in a review message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64", - "refsource" : "MISC", - "url" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64" - }, - { - "name" : "15865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an \"A\" tag in a review 
message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15865" + }, + { + "name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64", + "refsource": "MISC", + "url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3135.json b/2005/3xxx/CVE-2005-3135.json index 9944ccd5242..fff6544adc0 100644 --- a/2005/3xxx/CVE-2005-3135.json +++ b/2005/3xxx/CVE-2005-3135.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050930 Buffer-overflow and directory traversal bugs in Virtools Web Player", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112811771331997&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/virtbugs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/virtbugs-adv.txt" - }, - { - "name" : "14990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14990" - }, - { - "name" : "1014993", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014993" - }, - { - "name" : "17034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17034/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050930 Buffer-overflow and directory traversal bugs in Virtools Web Player", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112811771331997&w=2" + }, + { + "name": "1014993", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014993" + }, + { + "name": "17034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17034/" + }, + { + "name": "14990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14990" + }, + { + "name": "http://aluigi.altervista.org/adv/virtbugs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/virtbugs-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4007.json b/2005/4xxx/CVE-2005-4007.json index b0969d3e031..555ca080b73 100644 --- a/2005/4xxx/CVE-2005-4007.json +++ b/2005/4xxx/CVE-2005-4007.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sapid-club.com/en/viewtopic.php?p=586#586", - "refsource" : "CONFIRM", - "url" : "http://sapid-club.com/en/viewtopic.php?p=586#586" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly 
authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100" + }, + { + "name": "http://sapid-club.com/en/viewtopic.php?p=586#586", + "refsource": "CONFIRM", + "url": "http://sapid-club.com/en/viewtopic.php?p=586#586" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4437.json b/2005/4xxx/CVE-2005-4437.json index ab044472c0d..e3efa8da64c 100644 --- a/2005/4xxx/CVE-2005-4437.json +++ b/2005/4xxx/CVE-2005-4437.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051219 Authenticated EIGRP DoS / Information leak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419830/100/0/threaded" - }, - { - "name" : "20051219 Authenticated EIGRP DoS / Information leak", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040332.html" - }, - { - "name" : "20051220 RE: Authenticated EIGRP DoS / Information leak", - "refsource" : "FULLDISC", - "url" : 
"http://marc.info/?l=full-disclosure&m=113504451523186&w=2" - }, - { - "name" : "20051220 Re: Unauthenticated EIGRP DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419898/100/0/threaded" - }, - { - "name" : "15970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15970" - }, - { - "name" : "oval:org.mitre.oval:def:5741", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5741" - }, - { - "name" : "ADV-2005-3008", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3008" - }, - { - "name" : "1015382", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015382" - }, - { - "name" : "274", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-3008", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3008" + }, + { + "name": "20051219 Authenticated EIGRP DoS / Information leak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419830/100/0/threaded" + }, + { + "name": "15970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15970" + }, + { + "name": "oval:org.mitre.oval:def:5741", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5741" + }, + { + "name": "20051220 Re: Unauthenticated EIGRP DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419898/100/0/threaded" + }, + { + "name": "274", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/274" + }, + { + "name": "20051220 RE: Authenticated EIGRP DoS / Information leak", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113504451523186&w=2" + }, + { + "name": "1015382", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015382" + }, + { + "name": "20051219 Authenticated EIGRP DoS / Information leak", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040332.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4451.json b/2005/4xxx/CVE-2005-4451.json index 84dec3a3fd2..776f096c3bb 100644 --- a/2005/4xxx/CVE-2005-4451.json +++ b/2005/4xxx/CVE-2005-4451.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm" - }, - { - "name" : "HPSBUX02089", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/419897/100/0/threaded" - }, - { - "name" : "SSRT5983", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/419897/100/0/threaded" - }, - { - "name" : "15979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15979" - }, - { - "name" : "oval:org.mitre.oval:def:5638", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5638" - }, - { - "name" : "ADV-2005-3009", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2005/3009" - }, - { - "name" : "1015381", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015381" - }, - { - "name" : "18180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18180" - }, - { - "name" : "18418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18180" + }, + { + "name": "SSRT5983", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/419897/100/0/threaded" + }, + { + "name": "15979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15979" + }, + { + "name": "HPSBUX02089", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/419897/100/0/threaded" + }, + { + "name": "ADV-2005-3009", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3009" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm" + }, + { + "name": "18418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18418" + }, + { + "name": "oval:org.mitre.oval:def:5638", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5638" + }, + { + "name": "1015381", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015381" + } + ] 
+ }
+}
\ No newline at end of file
diff --git a/2005/4xxx/CVE-2005-4481.json b/2005/4xxx/CVE-2005-4481.json
index 22522610bb7..1bbaa642dc5 100644
--- a/2005/4xxx/CVE-2005-4481.json
+++ b/2005/4xxx/CVE-2005-4481.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the \"XSS flaw was only part of the custom implementation of the [polopoly] site\". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060926 vendor dispute: 21878: Polopoly Search Module XSS (fwd)", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-September/001056.html" - }, - { - "name" : "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html" - }, - { - "name" : "16007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16007" - }, - { - "name" : "21878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the \"XSS flaw was only part of the custom implementation of the [polopoly] site\". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21878" + }, + { + "name": "20060926 vendor dispute: 21878: Polopoly Search Module XSS (fwd)", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-September/001056.html" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html" + }, + { + "name": "16007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16007" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4738.json b/2005/4xxx/CVE-2005-4738.json index 824b81d6b27..fe9d8a85c7a 100644 --- a/2005/4xxx/CVE-2005-4738.json +++ b/2005/4xxx/CVE-2005-4738.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY71865", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY71865" - }, - { - "name" : "15126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15126" - }, - { - "name" : "17031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain 
privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15126" + }, + { + "name": "IY71865", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY71865" + }, + { + "name": "17031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17031" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2551.json b/2009/2xxx/CVE-2009-2551.json index 33da2eca708..cef5ff340b9 100644 --- a/2009/2xxx/CVE-2009-2551.json +++ b/2009/2xxx/CVE-2009-2551.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-2551",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-2551",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.org/0907-exploits/eid-xss.txt",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.org/0907-exploits/eid-xss.txt"
- },
- {
- "name" : "35701",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/35701"
- },
- {
- "name" : "55862",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/55862"
- },
- {
- "name" : "35838",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35838"
- },
- {
- "name" : "easyimagedownloader-main-xss(51722)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51722"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "55862",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/55862"
+ },
+ {
+ "name": "35701",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/35701"
+ },
+ {
+ "name": "35838",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35838"
+ },
+ {
+ "name": "http://packetstormsecurity.org/0907-exploits/eid-xss.txt",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/0907-exploits/eid-xss.txt"
+ },
+ {
+ "name": "easyimagedownloader-main-xss(51722)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51722"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/2xxx/CVE-2009-2902.json b/2009/2xxx/CVE-2009-2902.json
index a21048ff9b7..2da6edf6266 100644
--- a/2009/2xxx/CVE-2009-2902.json
+++ b/2009/2xxx/CVE-2009-2902.json
@@ -1,292 +1,292 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-2902",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2009-2902",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20100124 [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/509150/100/0/threaded"
- },
- {
- "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
- },
- {
- "name" : "http://svn.apache.org/viewvc?rev=892815&view=rev",
- "refsource" : "CONFIRM",
- "url" : "http://svn.apache.org/viewvc?rev=892815&view=rev"
- },
- {
- "name" : "http://svn.apache.org/viewvc?rev=902650&view=rev",
- "refsource" : "CONFIRM",
- "url" : "http://svn.apache.org/viewvc?rev=902650&view=rev"
- },
- {
- "name" : "http://tomcat.apache.org/security-5.html",
- "refsource" : "CONFIRM",
- "url" : "http://tomcat.apache.org/security-5.html"
- },
- {
- "name" : "http://tomcat.apache.org/security-6.html",
- "refsource" : "CONFIRM",
- "url" : "http://tomcat.apache.org/security-6.html"
- },
- {
- "name" : "http://support.apple.com/kb/HT4077",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT4077"
- },
- {
- "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
- },
- {
- "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
- },
- {
- "name" : "APPLE-SA-2010-03-29-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
- },
- {
- "name" : "DSA-2207",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2011/dsa-2207"
- },
- {
- "name" : "HPSBUX02541",
- "refsource" : "HP",
- "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
- },
- {
- "name" : "SSRT100145",
- "refsource" : "HP",
- "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
- },
- {
- "name" : "HPSBUX02860",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
- },
- {
- "name" : "SSRT101146",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
- },
- {
- "name" : "HPSBST02955",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
- },
- {
- "name" : "HPSBMA02535",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
- },
- {
- "name" : "HPSBOV02762",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
- },
- {
- "name" : "SSRT100029",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
- },
- {
- "name" : "SSRT100825",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
- },
- {
- "name" : "MDVSA-2010:176",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
- },
- {
- "name" : "MDVSA-2010:177",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
- },
- {
- "name" : "RHSA-2010:0119",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
- },
- {
- "name" : "RHSA-2010:0580",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
- },
- {
- "name" : "RHSA-2010:0582",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
- },
- {
- "name" : "SUSE-SR:2010:008",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
- },
- {
- "name" : "openSUSE-SU-2012:1700",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
- },
- {
- "name" : "openSUSE-SU-2012:1701",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
- },
- {
- "name" : "openSUSE-SU-2013:0147",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
- },
- {
- "name" : "USN-899-1",
- "refsource" : "UBUNTU",
- "url" : "http://ubuntu.com/usn/usn-899-1"
- },
- {
- "name" : "37945",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/37945"
- },
- {
- "name" : "oval:org.mitre.oval:def:7092",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092"
- },
- {
- "name" : "oval:org.mitre.oval:def:19431",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431"
- },
- {
- "name" : "1023504",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1023504"
- },
- {
- "name" : "38316",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/38316"
- },
- {
- "name" : "38346",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/38346"
- },
- {
- "name" : "38541",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/38541"
- },
- {
- "name" : "38687",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/38687"
- },
- {
- "name" : "39317",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/39317"
- },
- {
- "name" : "40330",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40330"
- },
- {
- "name" : "40813",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40813"
- },
- {
- "name" : "43310",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43310"
- },
- {
- "name" : "57126",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/57126"
- },
- {
- "name" : "ADV-2010-0213",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/0213"
- },
- {
- "name" : "ADV-2010-1559",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1559"
- },
- {
- "name" : "ADV-2010-1986",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1986"
- },
- {
- "name" : "apache-tomcat-war-directory-traversal(55857)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55857"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1023504",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1023504"
+ },
+ {
+ "name": "HPSBUX02541",
+ "refsource": "HP",
+ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
+ },
+ {
+ "name": "HPSBMA02535",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
+ },
+ {
+ "name": "http://svn.apache.org/viewvc?rev=892815&view=rev",
+ "refsource": "CONFIRM",
+ "url": "http://svn.apache.org/viewvc?rev=892815&view=rev"
+ },
+ {
+ "name": "39317",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/39317"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:19431",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431"
+ },
+ {
+ "name": "20100124 [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/509150/100/0/threaded"
+ },
+ {
+ "name": "DSA-2207",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2011/dsa-2207"
+ },
+ {
+ "name": "openSUSE-SU-2012:1700",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
+ },
+ {
+ "name": "HPSBUX02860",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
+ },
+ {
+ "name": "40330",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40330"
+ },
+ {
+ "name": "MDVSA-2010:177",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
+ },
+ {
+ "name": "43310",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43310"
+ },
+ {
+ "name": "SSRT100029",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
+ },
+ {
+ "name": "ADV-2010-1559",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1559"
+ },
+ {
+ "name": "APPLE-SA-2010-03-29-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
+ },
+ {
+ "name": "HPSBOV02762",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
+ },
+ {
+ "name": "ADV-2010-1986",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1986"
+ },
+ {
+ "name": "RHSA-2010:0580",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
+ },
+ {
+ "name": "40813",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40813"
+ },
+ {
+ "name": "38541",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/38541"
+ },
+ {
+ "name": "MDVSA-2010:176",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
+ },
+ {
+ "name": "http://tomcat.apache.org/security-6.html",
+ "refsource": "CONFIRM",
+ "url": "http://tomcat.apache.org/security-6.html"
+ },
+ {
+ "name": "57126",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/57126"
+ },
+ {
+ "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
+ },
+ {
+ "name": "USN-899-1",
+ "refsource": "UBUNTU",
+ "url": "http://ubuntu.com/usn/usn-899-1"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT4077",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT4077"
+ },
+ {
+ "name": "SUSE-SR:2010:008",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
+ },
+ {
+ "name": "openSUSE-SU-2013:0147",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
+ },
+ {
+ "name": "38687",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/38687"
+ },
+ {
+ "name": "38346",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/38346"
+ },
+ {
+ "name": "SSRT100825",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
+ },
+ {
+ "name": "http://tomcat.apache.org/security-5.html",
+ "refsource": "CONFIRM",
+ "url": "http://tomcat.apache.org/security-5.html"
+ },
+ {
+ "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
+ },
+ {
+ "name": "37945",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/37945"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:7092",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092"
+ },
+ {
+ "name": "RHSA-2010:0119",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
+ },
+ {
+ "name": "RHSA-2010:0582",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
+ },
+ {
+ "name": "SSRT101146",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
+ },
+ {
+ "name": "38316",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/38316"
+ },
+ {
+ "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
+ },
+ {
+ "name": "ADV-2010-0213",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/0213"
+ },
+ {
+ "name": "HPSBST02955",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
+ },
+ {
+ "name": "SSRT100145",
+ "refsource": "HP",
+ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
+ },
+ {
+ "name": "http://svn.apache.org/viewvc?rev=902650&view=rev",
+ "refsource": "CONFIRM",
+ "url": "http://svn.apache.org/viewvc?rev=902650&view=rev"
+ },
+ {
+ "name": "apache-tomcat-war-directory-traversal(55857)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55857"
+ },
+ {
+ "name": "openSUSE-SU-2012:1701",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/2xxx/CVE-2009-2936.json b/2009/2xxx/CVE-2009-2936.json
index 63638f018e5..7ae656ab0e8 100644
--- a/2009/2xxx/CVE-2009-2936.json
+++ b/2009/2xxx/CVE-2009-2936.json
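Review bot: The `"ASSIGNER"` value in the CVE-2009-2902.json hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and this is the only value change in a hunk that otherwise alters key spacing, indentation and the order of the 47 reference entries. Because every line of the file is rewritten, a change to the record's assigning CNA is easy to miss in review, and any consumer that filters or attributes records by `ASSIGNER` will see this record move. The reassignment should be stated in the commit message, or committed separately from the formatting pass so that it is visible in history as a data change.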
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-2936",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-2936",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20100329 Medium security hole in Varnish reverse proxy",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
- },
- {
- "name" : "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
- },
- {
- "name" : "http://www.varnish-cache.org/changeset/3865",
- "refsource" : "MISC",
- "url" : "http://www.varnish-cache.org/changeset/3865"
- },
- {
- "name" : "http://www.varnish-cache.org/wiki/CLI",
- "refsource" : "MISC",
- "url" : "http://www.varnish-cache.org/wiki/CLI"
- },
- {
- "name" : "FEDORA-2010-6719",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20100329 Medium security hole in Varnish reverse proxy",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
+ },
+ {
+ "name": "http://www.varnish-cache.org/wiki/CLI",
+ "refsource": "MISC",
+ "url": "http://www.varnish-cache.org/wiki/CLI"
+ },
+ {
+ "name": "http://www.varnish-cache.org/changeset/3865",
+ "refsource": "MISC",
+ "url": "http://www.varnish-cache.org/changeset/3865"
+ },
+ {
+ "name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
+ },
+ {
+ "name": "FEDORA-2010-6719",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/3xxx/CVE-2009-3038.json b/2009/3xxx/CVE-2009-3038.json
index c1473b9f6f0..4cb1c237d84 100644
--- a/2009/3xxx/CVE-2009-3038.json
+++ b/2009/3xxx/CVE-2009-3038.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-3038",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-3038",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "9517",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/9517"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "9517",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/9517"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/3xxx/CVE-2009-3589.json b/2009/3xxx/CVE-2009-3589.json
index 241acda6a41..d06e243ad56 100644
--- a/2009/3xxx/CVE-2009-3589.json
+++ b/2009/3xxx/CVE-2009-3589.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-3589",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-3589",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880",
- "refsource" : "CONFIRM",
- "url" : "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880"
- },
- {
- "name" : "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5",
- "refsource" : "CONFIRM",
- "url" : "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880",
+ "refsource": "CONFIRM",
+ "url": "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880"
+ },
+ {
+ "name": "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5",
+ "refsource": "CONFIRM",
+ "url": "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/4xxx/CVE-2009-4305.json b/2009/4xxx/CVE-2009-4305.json
index a7cce36ad36..febd0cd41f9 100644
--- a/2009/4xxx/CVE-2009-4305.json
+++ b/2009/4xxx/CVE-2009-4305.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-4305",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an \"escaping issue when processing AICC CRS file (Course_Title).\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-4305",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes",
- "refsource" : "CONFIRM",
- "url" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"
- },
- {
- "name" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes",
- "refsource" : "CONFIRM",
- "url" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"
- },
- {
- "name" : "http://moodle.org/mod/forum/discuss.php?d=139120",
- "refsource" : "CONFIRM",
- "url" : "http://moodle.org/mod/forum/discuss.php?d=139120"
- },
- {
- "name" : "FEDORA-2009-13040",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"
- },
- {
- "name" : "FEDORA-2009-13065",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"
- },
- {
- "name" : "FEDORA-2009-13080",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"
- },
- {
- "name" : "37244",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/37244"
- },
- {
- "name" : "37614",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/37614"
- },
- {
- "name" : "ADV-2009-3455",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/3455"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an \"escaping issue when processing AICC CRS file (Course_Title).\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes",
+ "refsource": "CONFIRM",
+ "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"
+ },
+ {
+ "name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes",
+ "refsource": "CONFIRM",
+ "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"
+ },
+ {
+ "name": "ADV-2009-3455",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/3455"
+ },
+ {
+ "name": "37614",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/37614"
+ },
+ {
+ "name": "FEDORA-2009-13065",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"
+ },
+ {
+ "name": "FEDORA-2009-13040",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"
+ },
+ {
+ "name": "FEDORA-2009-13080",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"
+ },
+ {
+ "name": "37244",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/37244"
+ },
+ {
+ "name": "http://moodle.org/mod/forum/discuss.php?d=139120",
+ "refsource": "CONFIRM",
+ "url": "http://moodle.org/mod/forum/discuss.php?d=139120"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/4xxx/CVE-2009-4538.json b/2009/4xxx/CVE-2009-4538.json
index 32b04def13c..f8e959f8767 100644
--- a/2009/4xxx/CVE-2009-4538.json
+++ b/2009/4xxx/CVE-2009-4538.json
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/28/1" - }, - { - "name" : "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/29/2" - }, - { - "name" : "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/31/1" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=551214", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=551214" - }, - { - "name" : "DSA-1996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-1996" - }, - { - "name" : "DSA-2005", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2005" - }, - { - "name" : "FEDORA-2010-1787", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" - }, - { - "name" : "MDVSA-2010:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066" - }, - { - "name" : "RHSA-2010:0019", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0019.html" - }, - { - "name" : "RHSA-2010:0020", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0020.html" - }, - { - "name" : "RHSA-2010:0041", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0041.html" - }, - { - "name" : "RHSA-2010:0095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html" - }, - { - "name" : "RHSA-2010:0111", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0111.html" - }, - { - "name" : "RHSA-2010:0053", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0053.html" - }, - { - "name" : "SUSE-SA:2010:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" - }, - { - "name" : "SUSE-SA:2010:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" - }, - { - "name" : "SUSE-SA:2010:007", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html" - }, - { - "name" : "SUSE-SA:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" - }, - { - "name" : "37523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37523" - }, - { - "name" : "oval:org.mitre.oval:def:7016", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016" - }, - { - "name" : "oval:org.mitre.oval:def:9702", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702" - }, - { - "name" : "1023420", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023420" - }, - { - "name" : "38031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38031" - }, - { - "name" : "38492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38492" - }, - { - "name" : "38276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38276" - }, - { - "name" : "38296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38296" - }, - { - "name" : "38610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38610" - }, - { - "name" : "38779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38779" - }, - { - "name" : "kernel-edriver-unspecified(55645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a 
related issue to CVE-2009-4537." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38276" + }, + { + "name": "1023420", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023420" + }, + { + "name": "SUSE-SA:2010:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html" + }, + { + "name": "kernel-edriver-unspecified(55645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55645" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=551214", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=551214" + }, + { + "name": "RHSA-2010:0111", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html" + }, + { + "name": "38779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38779" + }, + { + "name": "38296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38296" + }, + { + "name": "SUSE-SA:2010:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" + }, + { + "name": "RHSA-2010:0053", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html" + }, + { + "name": "SUSE-SA:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" + }, + { + "name": "DSA-1996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-1996" + }, + { + "name": "RHSA-2010:0019", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html" + }, + { + "name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389", + 
"refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1" + }, + { + "name": "FEDORA-2010-1787", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" + }, + { + "name": "MDVSA-2010:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066" + }, + { + "name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2" + }, + { + "name": "RHSA-2010:0095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" + }, + { + "name": "SUSE-SA:2010:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" + }, + { + "name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1" + }, + { + "name": "oval:org.mitre.oval:def:9702", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702" + }, + { + "name": "RHSA-2010:0020", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html" + }, + { + "name": "38031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38031" + }, + { + "name": "37523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37523" + }, + { + "name": "38610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38610" + }, + { + "name": "oval:org.mitre.oval:def:7016", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016" + }, + { + "name": "DSA-2005", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2005" + }, + { + "name": 
"SUSE-SA:2010:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" + }, + { + "name": "RHSA-2010:0041", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html" + }, + { + "name": "38492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38492" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4747.json b/2009/4xxx/CVE-2009-4747.json index 1ed9e19ae9f..11d5427dd7f 100644 --- a/2009/4xxx/CVE-2009-4747.json +++ b/2009/4xxx/CVE-2009-4747.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091007 Remote File Inclusion In AIOCP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507030/100/0/threaded" - }, - { - "name" : "36609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36609" - }, - { - "name" : "aiocp-cphtml2xhtmlbasic-file-include(53679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control 
Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aiocp-cphtml2xhtmlbasic-file-include(53679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53679" + }, + { + "name": "36609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36609" + }, + { + "name": "20091007 Remote File Inclusion In AIOCP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507030/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4859.json b/2009/4xxx/CVE-2009-4859.json index 6d57ecbcffe..2ad965dc769 100644 --- a/2009/4xxx/CVE-2009-4859.json +++ b/2009/4xxx/CVE-2009-4859.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt" - }, - { - "name" : "36244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) 
report.asp, and the (3) go parameter to login.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt" + }, + { + "name": "36244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36244" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4921.json b/2009/4xxx/CVE-2009-4921.json index b4b06c3e6a5..fc37c101f1c 100644 --- a/2009/4xxx/CVE-2009-4921.json +++ b/2009/4xxx/CVE-2009-4921.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0233.json b/2015/0xxx/CVE-2015-0233.json index 5a0c9dee7ae..a57d9a24ca4 100644 --- a/2015/0xxx/CVE-2015-0233.json +++ b/2015/0xxx/CVE-2015-0233.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183151", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183151" - }, - { - "name" : "FEDORA-2015-1711", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151954.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1183151", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183151" + }, + { + "name": "FEDORA-2015-1711", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151954.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0498.json b/2015/0xxx/CVE-2015-0498.json index 6bbb19dd99a..f5cb738244d 100644 --- a/2015/0xxx/CVE-2015-0498.json +++ b/2015/0xxx/CVE-2015-0498.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "GLSA-201507-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-19" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "1032121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201507-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-19" + }, + { + "name": "1032121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032121" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0510.json b/2015/0xxx/CVE-2015-0510.json index c6a0e8f6559..081bff858be 100644 --- a/2015/0xxx/CVE-2015-0510.json +++ b/2015/0xxx/CVE-2015-0510.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0805.json b/2015/0xxx/CVE-2015-0805.json index 149d14f8269..02cecb8422d 100644 --- a/2015/0xxx/CVE-2015-0805.json +++ b/2015/0xxx/CVE-2015-0805.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2015-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "GLSA-201512-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-10" - }, - { - "name" : "openSUSE-SU-2015:0677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" - }, - { - "name" : "USN-2550-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2550-1" - }, - { - "name" : "1031996", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031996", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031996" + }, + { + "name": "GLSA-201512-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-10" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511" + }, + { + "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2550-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2550-1" + }, + { + "name": "openSUSE-SU-2015:0677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1085.json b/2015/1xxx/CVE-2015-1085.json index 716a9141be2..8d686f6fc98 100644 --- a/2015/1xxx/CVE-2015-1085.json +++ b/2015/1xxx/CVE-2015-1085.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "73978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73978" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AppleKeyStore in Apple iOS before 8.3 does not properly 
restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "73978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73978" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1279.json b/2015/1xxx/CVE-2015-1279.json index d003566e099..5f096723456 100644 --- a/2015/1xxx/CVE-2015-1279.json +++ b/2015/1xxx/CVE-2015-1279.json 
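Review bot: The one substantive change in this hunk, `"ASSIGNER": "product-security@apple.com"` replacing `cve@mitre.org`, is hidden inside a whole-file rewrite that otherwise changes only key spacing and indentation, so a reviewer or downstream consumer cannot spot the attribution change from the diff. The `reference_data` entries are also reordered (CONFIRM, APPLE, BID, SECTRACK becomes APPLE, SECTRACK, BID, CONFIRM) with no sort key apparent from the page, and the new file ends without a trailing newline. I would keep the references in their previous order, or emit them in a documented stable order, and land the formatting pass separately from the metadata change, so that later diffs of these records show only real edits. The same pattern recurs in the hunks for CVE-2015-1279, CVE-2015-1866, CVE-2015-4177, CVE-2015-4812, CVE-2015-5012 and CVE-2015-5185 (CVE-2015-4707 reorders references but keeps its ASSIGNER).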
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=483981", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=483981" - }, - { - "name" : "https://codereview.chromium.org/1237723002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1237723002" - }, - { - "name" : "https://codereview.chromium.org/1241493002", - "refsource" : 
"CONFIRM", - "url" : "https://codereview.chromium.org/1241493002" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "https://codereview.chromium.org/1241493002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1241493002" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=483981", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=483981" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "https://codereview.chromium.org/1237723002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1237723002" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1866.json b/2015/1xxx/CVE-2015-1866.json index 13f90343779..2c2443934c4 100644 --- a/2015/1xxx/CVE-2015-1866.json +++ b/2015/1xxx/CVE-2015-1866.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/14/11" - }, - { - "name" : "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html", - "refsource" : "CONFIRM", - "url" : "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html" - }, - { - "name" : "74185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html", + "refsource": "CONFIRM", + "url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html" + }, + { + "name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/14/11" + }, + { + "name": "74185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74185" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4177.json b/2015/4xxx/CVE-2015-4177.json index d712b4d8b12..ed4ab6ad227 100644 --- a/2015/4xxx/CVE-2015-4177.json +++ b/2015/4xxx/CVE-2015-4177.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-4177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/05/29/5" - }, - { - "name" : "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/05/29/10" - }, - { - "name" : "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/04/5" - }, - { - "name" : 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248486", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248486" - }, - { - "name" : "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae" + }, + { + "name": "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/05/29/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486" + }, + { + "name": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5" + }, + { + "name": "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/05/29/10" + }, + { + "name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/04/5" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4221.json b/2015/4xxx/CVE-2015-4221.json index edf4b1ff3b3..00edacdd6d3 100644 --- a/2015/4xxx/CVE-2015-4221.json +++ b/2015/4xxx/CVE-2015-4221.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-4221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150624 Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39505" - }, - { - "name" : "75401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75401" - }, - { - "name" : "1032716", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150624 Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39505" + }, + { + "name": "75401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75401" + }, + { + "name": "1032716", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032716" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4707.json b/2015/4xxx/CVE-2015-4707.json index c7600722127..f73f7125fdb 100644 --- a/2015/4xxx/CVE-2015-4707.json +++ b/2015/4xxx/CVE-2015-4707.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150622 Re: CVE request: IPython XSS in JSON error responses", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/06/22/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1235688", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1235688" - }, - { - "name" : "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce", - "refsource" : "CONFIRM", - "url" : "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce" - }, - { - "name" : "https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c" - }, - { - "name" : "https://ipython.org/ipython-doc/3/whatsnew/version3.html", - "refsource" : "CONFIRM", - "url" : "https://ipython.org/ipython-doc/3/whatsnew/version3.html" - }, - { - "name" : "75328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ipython.org/ipython-doc/3/whatsnew/version3.html", + "refsource": "CONFIRM", + "url": "https://ipython.org/ipython-doc/3/whatsnew/version3.html" + }, + { + "name": "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce", + "refsource": "CONFIRM", + "url": "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce" + }, + { + "name": "[oss-security] 20150622 Re: CVE request: IPython XSS in JSON error responses", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/06/22/7" + }, + { + "name": "https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c", + "refsource": "CONFIRM", + "url": "https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c" + }, + { + "name": "75328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75328" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1235688", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235688" + } + ] + } +} 
\ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4812.json b/2015/4xxx/CVE-2015-4812.json index 85d61c51d70..d801127ef85 100644 --- a/2015/4xxx/CVE-2015-4812.json +++ b/2015/4xxx/CVE-2015-4812.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-4812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "1033907", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033907", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033907" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5012.json b/2015/5xxx/CVE-2015-5012.json index 222b7b15ac2..1d843df2be5 100644 --- a/2015/5xxx/CVE-2015-5012.json +++ b/2015/5xxx/CVE-2015-5012.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971422", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971422" - }, - { - "name" : "IV78768", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768" - }, - { - "name" : "IV78780", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSH implementation 
on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV78768", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768" + }, + { + "name": "IV78780", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5185.json b/2015/5xxx/CVE-2015-5185.json index 3b01400af94..90f8c4866c0 100644 --- a/2015/5xxx/CVE-2015-5185.json +++ b/2015/5xxx/CVE-2015-5185.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150820 CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/21/2" - }, - { - "name" : "FEDORA-2015-14197", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html" - }, - { - "name" : "FEDORA-2015-14199", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html" - }, - { - "name" : "FEDORA-2015-14200", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html" - }, - { - "name" : 
"openSUSE-SU-2015:1571", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html" - }, - { - "name" : "91212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-14200", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html" + }, + { + "name": "FEDORA-2015-14197", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html" + }, + { + "name": "[oss-security] 20150820 CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/21/2" + }, + { + "name": "91212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91212" + }, + { + "name": "openSUSE-SU-2015:1571", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html" + }, + { + "name": "FEDORA-2015-14199", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5407.json b/2015/5xxx/CVE-2015-5407.json index 0e97a56d9dc..5a7470b017a 100644 --- a/2015/5xxx/CVE-2015-5407.json +++ b/2015/5xxx/CVE-2015-5407.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893" - }, - { - "name" : "76356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893" + }, + { + "name": "76356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76356" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5499.json b/2015/5xxx/CVE-2015-5499.json index b4b1e9b3c36..2ab49eb6f23 100644 --- a/2015/5xxx/CVE-2015-5499.json +++ b/2015/5xxx/CVE-2015-5499.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the \"navigate view\" permission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2492245", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2492245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the 
\"navigate view\" permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2492245", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2492245" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002207.json b/2018/1002xxx/CVE-2018-1002207.json index 5407d2da52b..7a69b2918e6 100644 --- a/2018/1002xxx/CVE-2018-1002207.json +++ b/2018/1002xxx/CVE-2018-1002207.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-05-17T10:52Z", - "ID" : "CVE-2018-1002207", - "REQUESTER" : "danny@snyk.io", - "STATE" : "PUBLIC", - "UPDATED" : "2018-05-17T10:52Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "archiver", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3" - } - ] - } - } - ] - }, - "vendor_name" : "golang" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_ASSIGNED": "2018-05-17T10:52Z", + "ID": "CVE-2018-1002207", + "REQUESTER": "danny@snyk.io", + "STATE": "PUBLIC", + "UPDATED": "2018-05-17T10:52Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "archiver", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "e4ef56d48eb029648b0e895bb0b6a393ef0829c3" + } + ] + } + } + ] + }, + "vendor_name": "golang" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/snyk/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/snyk/zip-slip-vulnerability" - }, - { - "name" : "https://snyk.io/research/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://snyk.io/research/zip-slip-vulnerability" - }, - { - "name" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071", - "refsource" : "MISC", - "url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071" - }, - { - "name" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3", - "refsource" : "CONFIRM", - "url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3" - }, - { - "name" : "https://github.com/mholt/archiver/pull/65", - "refsource" : "CONFIRM", - "url" : "https://github.com/mholt/archiver/pull/65" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during 
extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name": "https://github.com/snyk/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name": "https://github.com/mholt/archiver/pull/65", + "refsource": "CONFIRM", + "url": "https://github.com/mholt/archiver/pull/65" + }, + { + "name": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3", + "refsource": "CONFIRM", + "url": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3" + }, + { + "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071", + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071" + } + ] + } +} \ No newline at end of file diff --git a/2018/1999xxx/CVE-2018-1999025.json b/2018/1999xxx/CVE-2018-1999025.json index 834950bad4b..c9755de95cc 100644 --- a/2018/1999xxx/CVE-2018-1999025.json +++ b/2018/1999xxx/CVE-2018-1999025.json 
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-31T15:54:50.966576", - "DATE_REQUESTED" : "2018-07-30T00:00:00", - "ID" : "CVE-2018-1999025", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins TraceTronic ECU-TEST Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-31T15:54:50.966576", + "DATE_REQUESTED": "2018-07-30T00:00:00", + "ID": "CVE-2018-1999025", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A man in the middle vulnerability exists in Jenkins 
TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2569.json b/2018/2xxx/CVE-2018-2569.json index 62c8c5fd538..97364f1ef9d 100644 --- a/2018/2xxx/CVE-2018-2569.json +++ b/2018/2xxx/CVE-2018-2569.json 
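Review bot: The new side of CVE-2018-1999025 replaces the structured `affects` values (`product_name`, `version_value`, `vendor_name`) and the problem type `CWE-295` with `n/a`, although the description still names Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier. Tooling that matches records on vendor, product and version, or triages by CWE, would no longer find this entry through those fields. Unless the removal is intended, keep the old-side values, e.g. `"product_name": "Jenkins TraceTronic ECU-TEST Plugin"`, `"version_value": "2.3 and earlier"` and `"value": "CWE-295"`, together with the old vendor name. `ASSIGNER` also moves from `kurt@seifried.org` to `cve@mitre.org` in this hunk, which is worth confirming against the CNA that assigned the ID.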
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-2569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java ME - Specifications", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-2569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java ME - Specifications", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "102536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102536" - }, - { - "name" : "1040217", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102536" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "1040217", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040217" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3730.json b/2018/3xxx/CVE-2018-3730.json index 8039bf862a2..528e74d0b0d 100644 --- a/2018/3xxx/CVE-2018-3730.json +++ b/2018/3xxx/CVE-2018-3730.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mcstatic node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mcstatic node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/312907", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/312907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/312907", + "refsource": "MISC", + "url": "https://hackerone.com/reports/312907" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3745.json b/2018/3xxx/CVE-2018-3745.json index 387c66e0d06..175ec79f5ca 100644 --- a/2018/3xxx/CVE-2018-3745.json +++ b/2018/3xxx/CVE-2018-3745.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "atob node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=2.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read (CWE-125)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "atob node module", + "version": { + "version_data": [ + { + "version_value": "<=2.0.3" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/321686", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/321686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/321686", + "refsource": "MISC", + "url": "https://hackerone.com/reports/321686" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3779.json b/2018/3xxx/CVE-2018-3779.json index 6d51cd31011..e63931d13b5 100644 --- a/2018/3xxx/CVE-2018-3779.json +++ b/2018/3xxx/CVE-2018-3779.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "active-support ruby gem", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection - Generic (CWE-77)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "active-support ruby gem", + "version": { + "version_data": [ + { + "version_value": "5.2.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/392311", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/392311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection - Generic (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/392311", + "refsource": "MISC", + "url": "https://hackerone.com/reports/392311" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6104.json b/2018/6xxx/CVE-2018-6104.json index 409c4d3e101..04b0b7c9f56 100644 --- a/2018/6xxx/CVE-2018-6104.json +++ b/2018/6xxx/CVE-2018-6104.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-6104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "66.0.3359.117" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-6104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "66.0.3359.117" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/820068", - "refsource" : "MISC", - "url" : "https://crbug.com/820068" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4182", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4182" - }, - { - "name" : "GLSA-201804-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-22" - }, - { - "name" : "RHSA-2018:1195", 
- "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1195" - }, - { - "name" : "103917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201804-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-22" + }, + { + "name": "https://crbug.com/820068", + "refsource": "MISC", + "url": "https://crbug.com/820068" + }, + { + "name": "DSA-4182", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4182" + }, + { + "name": "103917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103917" + }, + { + "name": "RHSA-2018:1195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1195" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6346.json b/2018/6xxx/CVE-2018-6346.json index 8eca610047a..68a70dafb37 100644 --- a/2018/6xxx/CVE-2018-6346.json +++ b/2018/6xxx/CVE-2018-6346.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@fb.com", - "DATE_ASSIGNED" : "2018-12-19", - "ID" : "CVE-2018-6346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Proxygen", - "version" : { - "version_data" : [ - { - "version_affected" : "!=>", - "version_value" : "v2018.12.31.00" - }, - { - "version_affected" : "<", - "version_value" : "v2018.12.31.00" - } - ] - } - } - ] - }, - "vendor_name" : "Facebook" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2018-12-19", + "ID": "CVE-2018-6346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Proxygen", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "v2018.12.31.00" + }, + { + "version_affected": "<", + "version_value": "v2018.12.31.00" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982", - "refsource" : "MISC", - "url" : "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential 
denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (CWE-400)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982",
+ "refsource": "MISC",
+ "url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/6xxx/CVE-2018-6895.json b/2018/6xxx/CVE-2018-6895.json
index c3ef52dd3c4..2a94e588fba 100644
--- a/2018/6xxx/CVE-2018-6895.json
+++ b/2018/6xxx/CVE-2018-6895.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6895",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-6895",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7272.json b/2018/7xxx/CVE-2018-7272.json
index 9f44183632b..a15ffde684c 100644
--- a/2018/7xxx/CVE-2018-7272.json
+++ b/2018/7xxx/CVE-2018-7272.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://backstage.forgerock.com/knowledge/kb/book/b21824339", - "refsource" : "MISC", - "url" : "https://backstage.forgerock.com/knowledge/kb/book/b21824339" - }, - { - "name" : "https://hansesecure.de/vulnerability-in-am/", - "refsource" : "MISC", - "url" : "https://hansesecure.de/vulnerability-in-am/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://backstage.forgerock.com/knowledge/kb/book/b21824339", + "refsource": "MISC", + "url": "https://backstage.forgerock.com/knowledge/kb/book/b21824339" + }, + { + "name": "https://hansesecure.de/vulnerability-in-am/", + "refsource": "MISC", + "url": "https://hansesecure.de/vulnerability-in-am/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7513.json b/2018/7xxx/CVE-2018-7513.json index 416a7c8fb23..0cc0c8bc726 100644 --- a/2018/7xxx/CVE-2018-7513.json +++ b/2018/7xxx/CVE-2018-7513.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-13T00:00:00", - "ID" : "CVE-2018-7513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Omron CX-Supervisor", - "version" : { - "version_data" : [ - { - "version_value" : "Version 3.30 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-13T00:00:00", + "ID": "CVE-2018-7513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Omron CX-Supervisor", + "version": { + "version_data": [ + { + "version_value": "Version 3.30 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" - }, - { - "name" : "103394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103394" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7633.json b/2018/7xxx/CVE-2018-7633.json index b6ec8f10382..bd567755433 100644 --- a/2018/7xxx/CVE-2018-7633.json +++ b/2018/7xxx/CVE-2018-7633.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/", - "refsource" : "MISC", - "url" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/", + "refsource": "MISC", + "url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7684.json b/2018/7xxx/CVE-2018-7684.json index 826ea4efa84..03357e60ccf 100644 --- a/2018/7xxx/CVE-2018-7684.json +++ b/2018/7xxx/CVE-2018-7684.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7684", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7684", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8157.json b/2018/8xxx/CVE-2018-8157.json index d054ae980a3..613865662e7 100644 --- a/2018/8xxx/CVE-2018-8157.json +++ b/2018/8xxx/CVE-2018-8157.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 32-bit editions" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 64-bit editions" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157" - }, - { - "name" : "104046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104046" - }, - { - "name" : "1040853", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Office. 
This CVE ID is unique from CVE-2018-8158, CVE-2018-8161." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157" + }, + { + "name": "1040853", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040853" + }, + { + "name": "104046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104046" + } + ] + } +} \ No newline at end of file
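Review bot: A data change is mixed into this otherwise whitespace-only hunk: the `ASSIGNER` value for CVE-2018-8157 goes from `Secure@Microsoft.com` to `secure@microsoft.com`, which is easy to miss among the re-indented lines. Tooling that groups, filters or deduplicates records on an exact, case-sensitive `ASSIGNER` match would treat the two spellings as different assigners unless every record is normalised in the same pass, and that cannot be confirmed from the files visible here. The `reference_data` entries are also reordered (SECTRACK now precedes BID), which matters only to consumers that rely on array position. I would mention both changes in the commit message, or split them from the formatting change, so that the data edits can be reviewed on their own.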