From fc3737311b672c116e24fab765d1d5ae10e416bc Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:09:15 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2005/0xxx/CVE-2005-0218.json | 170 ++++++------
2005/0xxx/CVE-2005-0355.json | 34 +--
2005/0xxx/CVE-2005-0535.json | 150 +++++------
2005/0xxx/CVE-2005-0966.json | 230 ++++++++---------
2005/1xxx/CVE-2005-1410.json | 200 +++++++-------
2005/1xxx/CVE-2005-1566.json | 140 +++++-----
2005/1xxx/CVE-2005-1569.json | 120 ++++-----
2005/1xxx/CVE-2005-1681.json | 150 +++++------
2005/1xxx/CVE-2005-1991.json | 34 +--
2005/3xxx/CVE-2005-3120.json | 460 ++++++++++++++++-----------------
2005/3xxx/CVE-2005-3222.json | 130 +++++-----
2005/3xxx/CVE-2005-3394.json | 170 ++++++------
2005/4xxx/CVE-2005-4425.json | 160 ++++++------
2005/4xxx/CVE-2005-4742.json | 130 +++++-----
2005/4xxx/CVE-2005-4866.json | 170 ++++++------
2009/0xxx/CVE-2009-0265.json | 170 ++++++------
2009/0xxx/CVE-2009-0857.json | 180 ++++++-------
2009/1xxx/CVE-2009-1217.json | 160 ++++++------
2009/1xxx/CVE-2009-1259.json | 140 +++++-----
2009/1xxx/CVE-2009-1421.json | 170 ++++++------
2009/3xxx/CVE-2009-3272.json | 150 +++++------
2009/4xxx/CVE-2009-4365.json | 150 +++++------
2009/4xxx/CVE-2009-4460.json | 160 ++++++------
2009/4xxx/CVE-2009-4606.json | 170 ++++++------
2009/4xxx/CVE-2009-4986.json | 140 +++++-----
2012/2xxx/CVE-2012-2368.json | 150 +++++------
2012/2xxx/CVE-2012-2585.json | 120 ++++-----
2012/2xxx/CVE-2012-2656.json | 34 +--
2012/2xxx/CVE-2012-2670.json | 190 +++++++-------
2012/6xxx/CVE-2012-6469.json | 140 +++++-----
2012/6xxx/CVE-2012-6661.json | 160 ++++++------
2015/1xxx/CVE-2015-1323.json | 130 +++++-----
2015/1xxx/CVE-2015-1411.json | 34 +--
2015/1xxx/CVE-2015-1467.json | 150 +++++------
2015/1xxx/CVE-2015-1537.json | 140 +++++-----
2015/5xxx/CVE-2015-5384.json | 34 +--
2015/5xxx/CVE-2015-5390.json | 34 +--
2015/5xxx/CVE-2015-5548.json | 200 +++++++-------
2015/5xxx/CVE-2015-5599.json | 150 +++++------
2018/11xxx/CVE-2018-11071.json | 200 +++++++-------
2018/11xxx/CVE-2018-11154.json | 140 +++++-----
2018/11xxx/CVE-2018-11333.json | 34 +--
2018/11xxx/CVE-2018-11812.json | 34 +--
2018/15xxx/CVE-2018-15131.json | 34 +--
2018/3xxx/CVE-2018-3271.json | 142 +++++-----
2018/3xxx/CVE-2018-3307.json | 34 +--
2018/3xxx/CVE-2018-3497.json | 34 +--
2018/3xxx/CVE-2018-3711.json | 132 +++++-----
2018/7xxx/CVE-2018-7994.json | 162 ++++++------
2018/8xxx/CVE-2018-8156.json | 166 ++++++------
2018/8xxx/CVE-2018-8303.json | 34 +--
2018/8xxx/CVE-2018-8669.json | 34 +--
2018/8xxx/CVE-2018-8835.json | 132 +++++-----
2018/8xxx/CVE-2018-8969.json | 120 ++++-----
54 files changed, 3568 insertions(+), 3568 deletions(-)
diff --git a/2005/0xxx/CVE-2005-0218.json b/2005/0xxx/CVE-2005-0218.json
index 126b1df75c1..9ab199a4778 100644
--- a/2005/0xxx/CVE-2005-0218.json
+++ b/2005/0xxx/CVE-2005-0218.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050110 Multi-vendor AV gateway image inspection bypass vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html" - }, - { - "name" : "20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=300116", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=300116" - }, - { - "name" : "GLSA-200501-46", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml" - }, - { - "name" : "MDKSA-2005:025", - "refsource" : "MANDRAKE", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2005:025" - }, - { - "name" : "13900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13900/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=300116", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=300116" + }, + { + "name": "20050110 Multi-vendor AV gateway image inspection bypass vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html" + }, + { + "name": "GLSA-200501-46", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml" + }, + { + "name": "13900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13900/" + }, + { + "name": "MDKSA-2005:025", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0355.json b/2005/0xxx/CVE-2005-0355.json index dc86f4f7ffb..c6922b13b3b 100644 --- a/2005/0xxx/CVE-2005-0355.json +++ b/2005/0xxx/CVE-2005-0355.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0355", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0355", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0535.json b/2005/0xxx/CVE-2005-0535.json index c7e141c6750..3abc2b6d31a 100644 --- a/2005/0xxx/CVE-2005-0535.json +++ b/2005/0xxx/CVE-2005-0535.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=307067", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=307067" - }, - { - "name" : "GLSA-200502-33", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml" - }, - { - "name" : "1013260", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013260" - }, - { - "name" : "14360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) 
vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013260", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013260" + }, + { + "name": "GLSA-200502-33", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=307067", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=307067" + }, + { + "name": "14360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14360" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0966.json b/2005/0xxx/CVE-2005-0966.json index f82de651bf8..b73392f1223 100644 --- a/2005/0xxx/CVE-2005-0966.json +++ b/2005/0xxx/CVE-2005-0966.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050401 multiple remote denial of service vulnerabilities in Gaim", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111238715307356&w=2" - }, - { - "name" : "http://gaim.sourceforge.net/security/index.php?id=14", - "refsource" : "CONFIRM", - "url" : "http://gaim.sourceforge.net/security/index.php?id=14" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750" - }, - { - "name" : "FLSA:158543", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/426078/100/0/threaded" - }, - { - "name" : "MDKSA-2005:071", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:071" - }, - { - "name" : "RHSA-2005:365", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-365.html" - }, - { - "name" : "SUSE-SA:2005:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" - }, - { - "name" : "13003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13003" - }, - { - "name" : "oval:org.mitre.oval:def:9185", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9185" - }, - { - "name" : "14815", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/14815" - }, - { - "name" : "gaim-irc-plugin-bo(19937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19937" - }, - { - "name" : "gaim-ircmsginvite-dos(19939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2005:071", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:071" + }, + { + "name": "FLSA:158543", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/426078/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:9185", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9185" + }, + { + "name": "14815", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14815" + }, + { + "name": "gaim-ircmsginvite-dos(19939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19939" + }, + { + "name": "13003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13003" + }, + { + "name": 
"http://gaim.sourceforge.net/security/index.php?id=14", + "refsource": "CONFIRM", + "url": "http://gaim.sourceforge.net/security/index.php?id=14" + }, + { + "name": "gaim-irc-plugin-bo(19937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19937" + }, + { + "name": "RHSA-2005:365", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-365.html" + }, + { + "name": "20050401 multiple remote denial of service vulnerabilities in Gaim", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111238715307356&w=2" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750" + }, + { + "name": "SUSE-SA:2005:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1410.json b/2005/1xxx/CVE-2005-1410.json index 4ea1fdd1e96..3b77467f65e 100644 --- a/2005/1xxx/CVE-2005-1410.json +++ b/2005/1xxx/CVE-2005-1410.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as \"internal\" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news.315", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news.315" - }, - { - "name" : "[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found", - "refsource" : "MLIST", - "url" : "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php" - }, - { - "name" : "FLSA-2006:157366", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/426302/30/6680/threaded" - }, - { - "name" : "RHSA-2005:433", - 
"refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-433.html" - }, - { - "name" : "SUSE-SA:2005:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" - }, - { - "name" : "13475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13475" - }, - { - "name" : "oval:org.mitre.oval:def:9343", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343" - }, - { - "name" : "ADV-2005-0453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0453" - }, - { - "name" : "oval:org.mitre.oval:def:1086", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as \"internal\" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9343", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343" + }, + { + "name": "13475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13475" + }, + { + "name": "oval:org.mitre.oval:def:1086", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086" + }, + { + "name": "RHSA-2005:433", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-433.html" + }, + { + "name": "FLSA-2006:157366", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/426302/30/6680/threaded" + }, + { + "name": "ADV-2005-0453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0453" + }, + { + "name": "[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php" + }, + { + "name": "http://www.postgresql.org/about/news.315", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news.315" + }, + { + "name": "SUSE-SA:2005:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1566.json b/2005/1xxx/CVE-2005-1566.json index 1e57d0ee74d..08f3c876f92 100644 --- a/2005/1xxx/CVE-2005-1566.json +++ b/2005/1xxx/CVE-2005-1566.json 
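Review bot: The one value that actually changes in the CVE-2005-1410.json hunk is `"ASSIGNER": "secalert@redhat.com"` replacing `cve@mitre.org` under `CVE_data_meta`, and it is buried in a full-file reserialization (`" : "` becomes `": "`, `reference_data` entries are reshuffled, the final newline is dropped) under the subject "-Synchronized-Data.". Anyone auditing record provenance from the history has to read every rewritten line to find it. The same reassignment appears in the CVE-2005-0966.json hunk above (also to `secalert@redhat.com`) and in CVE-2005-3120.json (to `security@debian.org`), whose hunk runs past the end of this view. Committing assigner changes separately from formatting-only syncs, or naming the affected IDs in the commit message, would keep them reviewable. Emitting `reference_data` in a stable order and keeping the trailing newline would also stop records whose reference set appears unchanged from showing up as fully rewritten.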
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050512 Acrowave AAP-3100AR authetication bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111592452331677&w=2" - }, - { - "name" : "16445", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16445" - }, - { - "name" : "15343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes 
the shell to crash and restart, then leave the user in the new shell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050512 Acrowave AAP-3100AR authetication bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111592452331677&w=2" + }, + { + "name": "15343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15343" + }, + { + "name": "16445", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16445" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1569.json b/2005/1xxx/CVE-2005-1569.json index 8da639f0217..caabb9929eb 100644 --- a/2005/1xxx/CVE-2005-1569.json +++ b/2005/1xxx/CVE-2005-1569.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111592417803514&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111592417803514&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1681.json b/2005/1xxx/CVE-2005-1681.json index ae8273297c5..3b7bbf83c37 100644 --- a/2005/1xxx/CVE-2005-1681.json +++ b/2005/1xxx/CVE-2005-1681.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050519 phpATM arbitrary PHP code inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111653168810937&w=2" - }, - { - "name" : "16692", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16692" - }, - { - "name" : "1014008", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014008" - }, - { - "name" : "15420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, 
allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014008", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014008" + }, + { + "name": "16692", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16692" + }, + { + "name": "15420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15420" + }, + { + "name": "20050519 phpATM arbitrary PHP code inclusion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111653168810937&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1991.json b/2005/1xxx/CVE-2005-1991.json index 902220c0bd5..bdaeab24c3a 100644 --- a/2005/1xxx/CVE-2005-1991.json +++ b/2005/1xxx/CVE-2005-1991.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1991", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1991", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3120.json b/2005/3xxx/CVE-2005-3120.json index 60d35a2c240..4370f2ad819 100644 --- a/2005/3xxx/CVE-2005-3120.json +++ b/2005/3xxx/CVE-2005-3120.json 
@@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435689/30/4740/threaded" - }, - { - "name" : "20051017 Lynx Remote Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm" - }, - { - "name" : "DSA-874", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-874" - }, - { - 
"name" : "DSA-876", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-876" - }, - { - "name" : "DSA-1085", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1085" - }, - { - "name" : "FLSA:152832", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/419763/100/0/threaded" - }, - { - "name" : "GLSA-200510-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml" - }, - { - "name" : "MDKSA-2005:186", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:186" - }, - { - "name" : "OpenPKG-SA-2005.026", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html" - }, - { - "name" : "RHSA-2005:803", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-803.html" - }, - { - "name" : "SCOSA-2005.47", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt" - }, - { - "name" : "SCOSA-2006.7", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt" - }, - { - "name" : "SSA:2005-310-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056" - }, - { - "name" : "SUSE-SR:2005:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html" - }, - { - "name" : "TSLSA-2005-0059", - "refsource" : "TRUSTIX", - "url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" - }, - { - "name" : "USN-206-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/206-1/" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253" - }, - { - "name" : "15117", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/15117" - }, - { - "name" : "oval:org.mitre.oval:def:9257", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257" - }, - { - "name" : "1015065", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015065" - }, - { - "name" : "17216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17216" - }, - { - "name" : "17360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17360" - }, - { - "name" : "17445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17445" - }, - { - "name" : "18376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18376" - }, - { - "name" : "17444", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17444" - }, - { - "name" : "17150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17150" - }, - { - "name" : "17230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17230" - }, - { - "name" : "17231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17231" - }, - { - "name" : "17238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17238" - }, - { - "name" : "17248", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17248" - }, - { - "name" : "17340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17340" - }, - { - "name" : "17480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17480" - }, - { - "name" : "18584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18584" - }, - { - "name" : "20383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the 
HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015065", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015065" + }, + { + "name": "18376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18376" + }, + { + "name": "17216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17216" + }, + { + "name": "17480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17480" + }, + { + "name": "TSLSA-2005-0059", + "refsource": "TRUSTIX", + "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" + }, + { + "name": "SSA:2005-310-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056" + }, + { + "name": "OpenPKG-SA-2005.026", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html" + }, + { + "name": "SCOSA-2005.47", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt" + }, + { + "name": "20051017 Lynx Remote Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html" + }, + { + "name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded" + }, + { + "name": "17444", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17444" + }, + { + "name": "DSA-1085", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1085" + }, + { + 
"name": "GLSA-200510-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml" + }, + { + "name": "18584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18584" + }, + { + "name": "17238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17238" + }, + { + "name": "SUSE-SR:2005:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" + }, + { + "name": "17150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17150" + }, + { + "name": "MDKSA-2005:186", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:186" + }, + { + "name": "17248", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17248" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm" + }, + { + "name": "FLSA:152832", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded" + }, + { + "name": "17360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17360" + }, + { + "name": "17445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17445" + }, + { + "name": "15117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15117" + }, + { + "name": "USN-206-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/206-1/" + }, + { + "name": "oval:org.mitre.oval:def:9257", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257" + }, + { + "name": "RHSA-2005:803", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-803.html" + }, + 
{ + "name": "17231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17231" + }, + { + "name": "17230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17230" + }, + { + "name": "17340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17340" + }, + { + "name": "20383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20383" + }, + { + "name": "SCOSA-2006.7", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt" + }, + { + "name": "DSA-874", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-874" + }, + { + "name": "DSA-876", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-876" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3222.json b/2005/3xxx/CVE-2005-3222.json index 427b43ba27f..a51ff4ef1de 100644 --- a/2005/3xxx/CVE-2005-3222.json +++ b/2005/3xxx/CVE-2005-3222.json 
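Review bot: The one provenance-relevant edit in this hunk, `"ASSIGNER": "security@debian.org"` replacing `cve@mitre.org` for CVE-2005-3120, is buried among key respacing and a reshuffled `reference_data` array, and the commit message ("-Synchronized-Data.") does not mention it. Tooling that attributes or filters records by ASSIGNER will see this entry change owner, so the reassignment is worth landing separately or naming in the description. The reference entries look like the same set in a different order, though that is hard to confirm by eye at this size. Emitting them in a stable order (for example sorted by `refsource`, then `name`) would keep a one-field change from producing a diff of several hundred lines. The same reshuffle appears in the other hunks of this chunk, and each new side ends with `\ No newline at end of file`, so the generator has also dropped the trailing newline.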
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of VBA32 Antivirus allows 
remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3394.json b/2005/3xxx/CVE-2005-3394.json index ac615bd8d28..59dbc0e5528 100644 --- a/2005/3xxx/CVE-2005-3394.json +++ b/2005/3xxx/CVE-2005-3394.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051030 SQL IN FORUM.PHP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415299" - }, - { - "name" : "15245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15245" - }, - { - "name" : "ADV-2005-2258", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2258" - }, - { - "name" : "20420", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20420" - }, - { - "name" : "17373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17373" - }, - { - "name" : "oaboard-forum-script-sql-injection(22932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22932" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2258", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2258" + }, + { + "name": "17373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17373" + }, + { + "name": "20420", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20420" + }, + { + "name": "20051030 SQL IN FORUM.PHP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415299" + }, + { + "name": "oaboard-forum-script-sql-injection(22932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22932" + }, + { + "name": "15245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15245" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4425.json b/2005/4xxx/CVE-2005-4425.json index b326c8129cb..07113affb4a 100644 --- a/2005/4xxx/CVE-2005-4425.json +++ b/2005/4xxx/CVE-2005-4425.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kerio.com/kwf_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kwf_history.html" - }, - { - "name" : "15387", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15387" - }, - { - "name" : "ADV-2005-2391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2391" - }, - { - "name" : "17519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17519" - }, - { - "name" : "kerio-winroute-rtsp-dos(23034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2391" + }, + { + "name": "15387", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15387" + }, + { + "name": "17519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17519" + }, + { + "name": "http://www.kerio.com/kwf_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kwf_history.html" + }, + { + "name": "kerio-winroute-rtsp-dos(23034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23034" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4742.json b/2005/4xxx/CVE-2005-4742.json index 13f89660c3b..d0373a20469 100644 --- a/2005/4xxx/CVE-2005-4742.json +++ b/2005/4xxx/CVE-2005-4742.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Echelog 0.6.2 allows attackers to \"exploit function stacks on some architectures,\" with unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=365508", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=365508" - }, - { - "name" : "20244", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Echelog 0.6.2 allows attackers to \"exploit function stacks on some architectures,\" with unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20244", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20244" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=365508", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=365508" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4866.json b/2005/4xxx/CVE-2005-4866.json index f0464331e77..4fcb4dc070d 100644 --- a/2005/4xxx/CVE-2005-4866.json +++ b/2005/4xxx/CVE-2005-4866.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050105 IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110495251101381&w=2" - }, - { - "name" : "http://www.nextgenss.com/advisories/db205012005D.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/db205012005D.txt" - }, - { - "name" : "IY61492", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61492" - }, - { - "name" : "11401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11401" - }, - { - "name" : "12733", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12733/" - }, - { - "name" : "db2-jdbc-bo(17613)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY61492", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61492" + }, + { + "name": "11401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11401" + }, + { + "name": "20050105 IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110495251101381&w=2" + }, + { + "name": "12733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12733/" + }, + { + "name": "db2-jdbc-bo(17613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17613" + }, + { + "name": "http://www.nextgenss.com/advisories/db205012005D.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/db205012005D.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0265.json b/2009/0xxx/CVE-2009-0265.json index 3d610988932..45a16a0d845 100644 --- a/2009/0xxx/CVE-2009-0265.json +++ b/2009/0xxx/CVE-2009-0265.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33", - "refsource" : "MISC", - "url" : "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33" - }, - { - "name" : "https://www.isc.org/node/373", - "refsource" : "CONFIRM", - "url" : "https://www.isc.org/node/373" - }, - { - "name" : "MDVSA-2009:037", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:037" - }, - { - "name" : "SSA:2009-014-02", - "refsource" : "SLACKWARE", - "url" : 
"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362" - }, - { - "name" : "ADV-2009-0043", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0043" - }, - { - "name" : "33559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:037", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:037" + }, + { + "name": "33559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33559" + }, + { + "name": "ADV-2009-0043", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0043" + }, + { + "name": "SSA:2009-014-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362" + }, + { + "name": "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33", + "refsource": "MISC", + "url": "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33" + }, + { + "name": "https://www.isc.org/node/373", + "refsource": "CONFIRM", + "url": "https://www.isc.org/node/373" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0857.json b/2009/0xxx/CVE-2009-0857.json index 51ed5dce6ec..71179b4c979 100644 --- a/2009/0xxx/CVE-2009-0857.json +++ b/2009/0xxx/CVE-2009-0857.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1" - }, - { - "name" : "247046", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1" - }, - { - "name" : "33999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33999" - }, - { - "name" : "1021809", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021809" - }, - { - "name" : "34146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34146" 
- }, - { - "name" : "ADV-2009-0605", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0605" - }, - { - "name" : "sunmc-performancereportingmodule-xss(49076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33999" + }, + { + "name": "sunmc-performancereportingmodule-xss(49076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49076" + }, + { + "name": "ADV-2009-0605", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0605" + }, + { + "name": "34146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34146" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1" + }, + { + "name": "247046", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1" + }, + { + "name": "1021809", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021809" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1217.json b/2009/1xxx/CVE-2009-1217.json index bbb25a7260f..3be02676bed 100644 
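Review bot: The new side of CVE-2009-0857.json ends at `}` with no trailing newline; the `\ No newline at end of file` marker follows only the added closing brace. The seven `reference_data` entries are also reordered with no change to any `name`, `refsource` or `url`. Both patterns repeat in the later file sections of this commit, CVE-2009-1217 through CVE-2012-2368. Writing each file with a final newline and emitting references in a stable order (for example sorted by `refsource`, then `name`) would limit future syncs to real content changes. That matters because an altered advisory URL is hard to spot among dozens of moved lines.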
--- a/2009/1xxx/CVE-2009-1217.json +++ b/2009/1xxx/CVE-2009-1217.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the \"Microsoft GdiPlus EMF GpFont.SetData integer overflow.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html", - "refsource" : "MISC", - "url" : "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html" - }, - { - "name" : "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx" - }, - { - "name" : "34250", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/34250" - }, - { - "name" : "ADV-2009-0832", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0832" - }, - { - "name" : "win-gdi-emfplusfont-dos(49438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the \"Microsoft GdiPlus EMF GpFont.SetData integer overflow.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx" + }, + { + "name": "ADV-2009-0832", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0832" + }, + { + "name": "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html", + "refsource": "MISC", + "url": "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html" + }, + { + "name": "win-gdi-emfplusfont-dos(49438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49438" + }, + { + "name": "34250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34250" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1259.json b/2009/1xxx/CVE-2009-1259.json index 6787357eedd..302b2f33f66 100644 --- a/2009/1xxx/CVE-2009-1259.json +++ b/2009/1xxx/CVE-2009-1259.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8351", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8351" - }, - { - "name" : "34371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34371" - }, - { - "name" : "adaptbb-topic-sql-injection(49681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the 
topic_id parameter in a topic action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adaptbb-topic-sql-injection(49681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49681" + }, + { + "name": "34371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34371" + }, + { + "name": "8351", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8351" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1421.json b/2009/1xxx/CVE-2009-1421.json index f9a1f54cf6e..8dd2bd8abe1 100644 --- a/2009/1xxx/CVE-2009-1421.json +++ b/2009/1xxx/CVE-2009-1421.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02440", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124654506100944&w=2" - }, - { - "name" : "SSRT090106", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124654506100944&w=2" - }, - { - "name" : "35547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35547" - }, - { - "name" : "1022493", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022493" - }, - { - "name" : "35644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35644" - }, - { - "name" : "ADV-2009-1755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090106", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124654506100944&w=2" + }, + { + "name": "ADV-2009-1755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1755" + }, + { + "name": "HPSBUX02440", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124654506100944&w=2" + }, + { + "name": "1022493", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022493" + }, + { + "name": "35644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35644" + }, + { + "name": "35547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35547" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3272.json b/2009/3xxx/CVE-2009-3272.json index 747f58d256d..106f383f87c 100644 --- a/2009/3xxx/CVE-2009-3272.json +++ b/2009/3xxx/CVE-2009-3272.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9606", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9606" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack 
consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "9606", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9606" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4365.json b/2009/4xxx/CVE-2009-4365.json index faa3e98ff79..8ab196ae6bf 100644 --- a/2009/4xxx/CVE-2009-4365.json +++ b/2009/4xxx/CVE-2009-4365.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt" - }, - { - "name" : "61114", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61114" - }, - { - "name" : "37743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37743" - }, - { - "name" : "ezblog-admin-csrf(54895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54895" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61114", + "refsource": "OSVDB", + "url": "http://osvdb.org/61114" + }, + { + "name": "ezblog-admin-csrf(54895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54895" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt" + }, + { + "name": "37743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37743" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4460.json b/2009/4xxx/CVE-2009-4460.json index 7b6a37cd9f8..829b5466910 100644 --- a/2009/4xxx/CVE-2009-4460.json +++ b/2009/4xxx/CVE-2009-4460.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10616", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10616" - }, - { - "name" : "61285", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61285" - }, - { - "name" : "61286", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61286" - }, - { - "name" : "61287", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61287" - }, - { - "name" : "37894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in 
Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61286", + "refsource": "OSVDB", + "url": "http://osvdb.org/61286" + }, + { + "name": "61285", + "refsource": "OSVDB", + "url": "http://osvdb.org/61285" + }, + { + "name": "37894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37894" + }, + { + "name": "10616", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10616" + }, + { + "name": "61287", + "refsource": "OSVDB", + "url": "http://osvdb.org/61287" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4606.json b/2009/4xxx/CVE-2009-4606.json index 250aa846e41..39834b474c8 100644 --- a/2009/4xxx/CVE-2009-4606.json +++ b/2009/4xxx/CVE-2009-4606.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091020 South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507323/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/9sg_south_river_priv.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_south_river_priv.html" - }, - { - "name" : "59080", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59080" - }, - { - "name" : "37083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37083" - }, - { - "name" : 
"ADV-2009-2994", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2994" - }, - { - "name" : "webdrive-webdrive-privilege-escalation(53885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37083" + }, + { + "name": "http://retrogod.altervista.org/9sg_south_river_priv.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_south_river_priv.html" + }, + { + "name": "59080", + "refsource": "OSVDB", + "url": "http://osvdb.org/59080" + }, + { + "name": "ADV-2009-2994", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2994" + }, + { + "name": "20091020 South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507323/100/0/threaded" + }, + { + "name": "webdrive-webdrive-privilege-escalation(53885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53885" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4986.json b/2009/4xxx/CVE-2009-4986.json index 9ed099c07a2..fb119b41cdf 100644 --- a/2009/4xxx/CVE-2009-4986.json 
+++ b/2009/4xxx/CVE-2009-4986.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9358", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9358" - }, - { - "name" : "36165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36165" - }, - { - "name" : "ADV-2009-2164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9358", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9358" + }, + { + "name": "36165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36165" + }, + { + "name": "ADV-2009-2164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2164" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2368.json b/2012/2xxx/CVE-2012-2368.json index f342c3cb2e5..aa6421d2a51 100644 --- a/2012/2xxx/CVE-2012-2368.json +++ b/2012/2xxx/CVE-2012-2368.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120514 CVE request: Bytemark Symbiosis", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/14/1" - }, - { - "name" : "[oss-security] 20120514 Re: CVE request: Bytemark Symbiosis", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/14/3" - }, - { - "name" : "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322", - "refsource" : "CONFIRM", - "url" : "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322" - }, - { - "name" : "48993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120514 Re: CVE request: Bytemark Symbiosis", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/14/3" + }, + { + "name": "[oss-security] 20120514 CVE request: Bytemark Symbiosis", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/14/1" + }, + { + "name": "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322", + "refsource": "CONFIRM", + "url": "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322" + }, + { + "name": "48993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48993" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2585.json b/2012/2xxx/CVE-2012-2585.json index 4e80bedf1ee..2964fc0aa1d 100644 --- a/2012/2xxx/CVE-2012-2585.json +++ b/2012/2xxx/CVE-2012-2585.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20356", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20356/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20356", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20356/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2656.json b/2012/2xxx/CVE-2012-2656.json index 8017432d69f..4c5e02b68df 100644 
--- a/2012/2xxx/CVE-2012-2656.json +++ b/2012/2xxx/CVE-2012-2656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2656", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2656", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2670.json b/2012/2xxx/CVE-2012-2670.json index e8e28c32687..0f18936616f 100644 --- a/2012/2xxx/CVE-2012-2670.json +++ b/2012/2xxx/CVE-2012-2670.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120604 Arbitrary File Upload/Execution in Collabtive", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html" - }, - { - "name" : "20120605 Arbitrary File Upload/Execution in Collabtive", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522973/30/0/threaded" - }, - { - "name" : "[oss-security] 20120606 Arbitrary File Upload/Execution in Collabtive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/06/6" - }, - { - "name" : "[oss-security] 20120606 Re: 
Arbitrary File Upload/Execution in Collabtive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/06/9" - }, - { - "name" : "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html", - "refsource" : "MISC", - "url" : "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html" - }, - { - "name" : "http://www.collabtive.o-dyn.de/blog/?p=426", - "refsource" : "CONFIRM", - "url" : "http://www.collabtive.o-dyn.de/blog/?p=426" - }, - { - "name" : "53813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53813" - }, - { - "name" : "collabtive-manageuser-file-upload(76101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53813" + }, + { + "name": "http://www.collabtive.o-dyn.de/blog/?p=426", + "refsource": "CONFIRM", + "url": "http://www.collabtive.o-dyn.de/blog/?p=426" + }, + { + "name": "20120604 Arbitrary File Upload/Execution in Collabtive", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html" + }, + { + "name": "collabtive-manageuser-file-upload(76101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76101" + }, + { + "name": "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html", + "refsource": "MISC", + "url": "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html" + }, + { + "name": "20120605 Arbitrary File Upload/Execution in Collabtive", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522973/30/0/threaded" + }, + { + "name": "[oss-security] 20120606 Arbitrary File Upload/Execution in Collabtive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/06/6" + }, + { + "name": "[oss-security] 20120606 Re: Arbitrary File Upload/Execution in Collabtive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/06/9" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6469.json b/2012/6xxx/CVE-2012-6469.json index 353b268ef43..8114ca46976 100644 --- a/2012/6xxx/CVE-2012-6469.json +++ b/2012/6xxx/CVE-2012-6469.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unified/1211/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unified/1211/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1037/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1037/" - }, - { - "name" : "56594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/1037/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1037/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unified/1211/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unified/1211/" + }, + { + "name": "56594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56594" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6661.json b/2012/6xxx/CVE-2012-6661.json index 3f81a2b2307..87db537666b 100644 --- a/2012/6xxx/CVE-2012-6661.json +++ b/2012/6xxx/CVE-2012-6661.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://bugs.launchpad.net/zope2/+bug/1071067", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/zope2/+bug/1071067" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : 
"https://plone.org/products/plone-hotfix/releases/20121124", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121124" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/24", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/24" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "https://bugs.launchpad.net/zope2/+bug/1071067", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/zope2/+bug/1071067" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/24", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/24" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121124", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121124" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/1xxx/CVE-2015-1323.json b/2015/1xxx/CVE-2015-1323.json index 16b7a2941b9..df7d6793c56 100644 --- a/2015/1xxx/CVE-2015-1323.json +++ b/2015/1xxx/CVE-2015-1323.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-2648-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2648-1" - }, - { - "name" : "75221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as 
packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75221" + }, + { + "name": "USN-2648-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2648-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1411.json b/2015/1xxx/CVE-2015-1411.json index f05b7e27285..29306d84ee7 100644 --- a/2015/1xxx/CVE-2015-1411.json +++ b/2015/1xxx/CVE-2015-1411.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1411", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1411", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1467.json b/2015/1xxx/CVE-2015-1467.json index 125ec8875a3..e326d5a7353 100644 --- a/2015/1xxx/CVE-2015-1467.json 
+++ b/2015/1xxx/CVE-2015-1467.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150204 [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534616/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html" - }, - { - "name" : "http://www.fork-cms.com/blog/detail/fork-3.8.6-released", - "refsource" : "CONFIRM", - "url" : "http://www.fork-cms.com/blog/detail/fork-3.8.6-released" - }, - { - "name" : "forkcms-cve20151467-sql-injection(100668)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150204 [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534616/100/0/threaded" + }, + { + "name": "http://www.fork-cms.com/blog/detail/fork-3.8.6-released", + "refsource": "CONFIRM", + "url": "http://www.fork-cms.com/blog/detail/fork-3.8.6-released" + }, + { + "name": "forkcms-cve20151467-sql-injection(100668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100668" + }, + { + "name": "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1537.json b/2015/1xxx/CVE-2015-1537.json index 2949974a446..2b9c7964456 100644 --- a/2015/1xxx/CVE-2015-1537.json +++ b/2015/1xxx/CVE-2015-1537.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", - "refsource" : "MISC", - "url" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0" - }, - { - "name" : "76670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76670" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0" + }, + { + "name": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", + "refsource": "MISC", + "url": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5384.json b/2015/5xxx/CVE-2015-5384.json index 1bb3932ee7d..7c9bf00a045 100644 --- a/2015/5xxx/CVE-2015-5384.json +++ b/2015/5xxx/CVE-2015-5384.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5384", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5384", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5390.json b/2015/5xxx/CVE-2015-5390.json index b526ef6b8fc..d4437c587a9 100644 --- a/2015/5xxx/CVE-2015-5390.json +++ b/2015/5xxx/CVE-2015-5390.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5548.json b/2015/5xxx/CVE-2015-5548.json index 7114116aad1..d6444d6e356 100644 --- a/2015/5xxx/CVE-2015-5548.json +++ b/2015/5xxx/CVE-2015-5548.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76283" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "76283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76283" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5599.json b/2015/5xxx/CVE-2015-5599.json index 9742c5dfe80..793bbdb0e6a 100644 --- a/2015/5xxx/CVE-2015-5599.json +++ b/2015/5xxx/CVE-2015-5599.json 
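Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `psirt@adobe.com`, a provenance edit that is easy to miss because every other line of the record differs only in colon spacing, indentation and the order of the `reference_data` entries. The CVE-2018-11071 hunk later in the patch does the same, replacing `secure@dell.com` with `security_alert@emc.com`. The commit message is only "-Synchronized-Data.", so anyone who relies on the assigner field for trust or routing decisions cannot tell from the history why it changed. Splitting the whitespace normalisation from the field changes, or listing the affected IDs in the commit body (for example `ASSIGNER updated: CVE-2015-5548, CVE-2018-11071`), would make the patch auditable. Parsing both sides and diffing the resulting objects is the practical way to confirm that nothing else in these records changed.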
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/64" - }, - { - "name" : "[oss-security] 20150720 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/20/1" - }, - { - "name" : "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html" - }, - { - "name" : 
"http://www.vapid.dhs.org/advisory.php?v=132", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150720 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/20/1" + }, + { + "name": "http://www.vapid.dhs.org/advisory.php?v=132", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=132" + }, + { + "name": "20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/64" + }, + { + "name": "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11071.json b/2018/11xxx/CVE-2018-11071.json index d893345d812..c29481764fc 100644 --- a/2018/11xxx/CVE-2018-11071.json +++ b/2018/11xxx/CVE-2018-11071.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "ID" : "CVE-2018-11071", - "STATE" : "PUBLIC", - "TITLE" : "DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Isilon OneFS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x", - "version_value" : "8.1.2 " - } - ] - } - }, - { - "product_name" : "IsilonSD Edge", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x", - "version_value" : "8.1.2 " - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Dell EMC would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote process crash vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-11071", + "STATE": "PUBLIC", + "TITLE": "DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Isilon OneFS", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x", + "version_value": "8.1.2 " + } + ] + } + }, + { + "product_name": "IsilonSD Edge", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x", + "version_value": "8.1.2 " + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/19" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Dell EMC would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this vulnerability." 
+ } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote process crash vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/19" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11154.json b/2018/11xxx/CVE-2018-11154.json index e2196600bbd..cc3cdcac2bf 100644 --- a/2018/11xxx/CVE-2018-11154.json +++ b/2018/11xxx/CVE-2018-11154.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11333.json b/2018/11xxx/CVE-2018-11333.json index 1a50bf61162..8f0fda97923 100644 --- a/2018/11xxx/CVE-2018-11333.json +++ b/2018/11xxx/CVE-2018-11333.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11333",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11333",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11812.json b/2018/11xxx/CVE-2018-11812.json
index 0e4ce7719d8..3569ba68175 100644
--- a/2018/11xxx/CVE-2018-11812.json
+++ b/2018/11xxx/CVE-2018-11812.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11812",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11812",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15131.json b/2018/15xxx/CVE-2018-15131.json
index 19b3d96e98b..f9cddbab557 100644
--- a/2018/15xxx/CVE-2018-15131.json
+++ b/2018/15xxx/CVE-2018-15131.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15131",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15131",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3271.json b/2018/3xxx/CVE-2018-3271.json
index 3b26f4439c9..5934566a2d9 100644
--- a/2018/3xxx/CVE-2018-3271.json
+++ b/2018/3xxx/CVE-2018-3271.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105605" - }, - { - "name" : "1041895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. 
While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041895" + }, + { + "name": "105605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105605" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3307.json b/2018/3xxx/CVE-2018-3307.json index be8a729f5b5..e61aa247b84 100644 --- a/2018/3xxx/CVE-2018-3307.json +++ b/2018/3xxx/CVE-2018-3307.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3497.json b/2018/3xxx/CVE-2018-3497.json
index 61f72ac6650..49c98fa503c 100644
--- a/2018/3xxx/CVE-2018-3497.json
+++ b/2018/3xxx/CVE-2018-3497.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3497",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3497",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3711.json b/2018/3xxx/CVE-2018-3711.json
index c14a6add934..73e1818769c 100644
--- a/2018/3xxx/CVE-2018-3711.json
+++ b/2018/3xxx/CVE-2018-3711.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2018-3711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "fastify node module", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 0.38.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with \"Content-Type: application/json\" and a very large payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Allocation of Resources Without Limits or Throttling (CWE-770)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2018-3711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "fastify node module", + "version": { + "version_data": [ + { + "version_value": "Versions before 0.38.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fastify/fastify/pull/627", - "refsource" : "MISC", - "url" : "https://github.com/fastify/fastify/pull/627" - }, - { - "name" : "https://hackerone.com/reports/303632", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/303632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a 
request with \"Content-Type: application/json\" and a very large payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Allocation of Resources Without Limits or Throttling (CWE-770)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fastify/fastify/pull/627", + "refsource": "MISC", + "url": "https://github.com/fastify/fastify/pull/627" + }, + { + "name": "https://hackerone.com/reports/303632", + "refsource": "MISC", + "url": "https://hackerone.com/reports/303632" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7994.json b/2018/7xxx/CVE-2018-7994.json index 433568dcf93..e33da8f3b65 100644 --- a/2018/7xxx/CVE-2018-7994.json +++ b/2018/7xxx/CVE-2018-7994.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500", - "version" : { - "version_data" : [ - { - "version_value" : "IPS Module V500R001C50" - }, - { - "version_value" : "NGFW Module V500R001C50" - }, - { - "version_value" : "V500R002C10" - }, - { - "version_value" : "NIP6300 V500R001C50" - }, - { - "version_value" : "NIP6600 V500R001C50" - }, - { - "version_value" : "NIP6800 V500R001C50" - }, - { - "version_value" : "Secospace USG6600 V500R001C50" - }, - { - "version_value" : "USG9500 V500R001C50" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "memory leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500", + "version": { + "version_data": [ + { + "version_value": "IPS Module V500R001C50" + }, + { + "version_value": "NGFW Module V500R001C50" + }, + { + "version_value": "V500R002C10" + }, + { + "version_value": "NIP6300 V500R001C50" + }, + { + "version_value": "NIP6600 V500R001C50" + }, + { + "version_value": "NIP6800 V500R001C50" + }, + { + "version_value": "Secospace USG6600 V500R001C50" + }, + { + "version_value": "USG9500 V500R001C50" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8156.json b/2018/8xxx/CVE-2018-8156.json index 4c652201b6e..a84eac5f61d 100644 --- a/2018/8xxx/CVE-2018-8156.json +++ b/2018/8xxx/CVE-2018-8156.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Project Server", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2" - }, - { - "version_value" : "2013 Service Pack 1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Project Server", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156" - }, - { - "name" : "104048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104048" - }, - { - "name" : "1040856", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156" + }, + { + "name": "1040856", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040856" + }, + { + "name": "104048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104048" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8303.json b/2018/8xxx/CVE-2018-8303.json index 2f44988e5de..072c06bf60b 100644 --- a/2018/8xxx/CVE-2018-8303.json +++ b/2018/8xxx/CVE-2018-8303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8669.json b/2018/8xxx/CVE-2018-8669.json index d34b916c0fc..7cb8006768c 100644 --- a/2018/8xxx/CVE-2018-8669.json +++ b/2018/8xxx/CVE-2018-8669.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8669", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8669", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8835.json b/2018/8xxx/CVE-2018-8835.json index 03a68c6ff82..5409d2477ba 100644 --- a/2018/8xxx/CVE-2018-8835.json +++ b/2018/8xxx/CVE-2018-8835.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-04-25T00:00:00", - "ID" : "CVE-2018-8835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess HMI Designer", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOUBLE FREE CWE-415" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-04-25T00:00:00", + "ID": "CVE-2018-8835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess HMI Designer", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03" - }, - { - "name" : "103972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOUBLE FREE CWE-415" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103972" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8969.json b/2018/8xxx/CVE-2018-8969.json index 4180ffab97e..17007d397b7 100644 --- a/2018/8xxx/CVE-2018-8969.json +++ b/2018/8xxx/CVE-2018-8969.json 
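Review bot: `"vendor_name": "ICS-CERT"` on the new side of the CVE-2018-8835 record names the assigning CNA rather than the maker of the affected product, and this sync carries it over unchanged. Asset-inventory or scanner matching keyed on `vendor_name` would not associate this double-free advisory with Advantech installations. Judging from `product_name` and the description, the intended value is presumably `"vendor_name": "Advantech"`, which should be confirmed with the CNA. The CVE-2018-3711 hunk has the same pattern, with `"vendor_name": "HackerOne"` for the fastify node module. Until the records are corrected, consumers should match on `product_name` and the description text as well.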
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md", - "refsource" : "MISC", - "url" : "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md", + "refsource": "MISC", + "url": "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md" + } + ] + } +} \ No newline at end of file