diff --git a/2005/0xxx/CVE-2005-0570.json b/2005/0xxx/CVE-2005-0570.json
index 0d7c02462df..5e7d0f0187b 100644
--- a/2005/0xxx/CVE-2005-0570.json
+++ b/2005/0xxx/CVE-2005-0570.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 Multiple vulns in punBB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110927754230666&w=2" - }, - { - "name" : "12652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12652" - }, - { - "name" : "14394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14394" - }, - { - "name" : "punbb-profile-dos(19483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12652" + }, + { + "name": "14394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14394" + }, + { + "name": "20050224 Multiple vulns in punBB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110927754230666&w=2" + }, + { + "name": "punbb-profile-dos(19483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19483" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0598.json b/2005/0xxx/CVE-2005-0598.json index 2cacc3c8bbb..b35952ee2f6 100644 --- a/2005/0xxx/CVE-2005-0598.json +++ b/2005/0xxx/CVE-2005-0598.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 ACNS Denial of Service and Default Admin Password Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml" - }, - { - "name" : "VU#579240", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/579240" - }, - { - "name" : "12648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12648" - }, - { - "name" : "14395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14395" - }, - { - "name" : "cisco-realserver-realsubscriber-dos(19469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12648" + }, + { + "name": "cisco-realserver-realsubscriber-dos(19469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19469" + }, + { + "name": "20050224 ACNS Denial of Service and Default Admin Password Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml" + }, + { + "name": "14395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14395" + }, + { + "name": "VU#579240", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/579240" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0640.json b/2005/0xxx/CVE-2005-0640.json index af077f09e28..4ad22d28cee 100644 --- a/2005/0xxx/CVE-2005-0640.json +++ b/2005/0xxx/CVE-2005-0640.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the \"Change Credentials for Database\" window, which allows local users to recover the SQL Admin password via certain methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323", - "refsource" : "CONFIRM", - "url" : "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323" - }, - { - "name" : "14454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the \"Change Credentials for Database\" window, which allows local users to recover the SQL Admin password via certain methods." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14454" + }, + { + "name": "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323", + "refsource": "CONFIRM", + "url": "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1234.json b/2005/1xxx/CVE-2005-1234.json index b8a08e2d95a..d494eb24abd 100644 --- a/2005/1xxx/CVE-2005-1234.json +++ b/2005/1xxx/CVE-2005-1234.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060725 PHP-Auction SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441190/100/0/threaded" - }, - { - "name" : "http://www.snkenjoi.com/secadv/secadv9.txt", - "refsource" : "MISC", - "url" : "http://www.snkenjoi.com/secadv/secadv9.txt" - }, - { - "name" : "http://www.aria-security.net/advisory/phpauction.txt", - "refsource" : "MISC", - "url" : "http://www.aria-security.net/advisory/phpauction.txt" - }, - { - "name" : "http://www.phpbb-auction.com/sutra5600.html", - "refsource" : "CONFIRM", - "url" : "http://www.phpbb-auction.com/sutra5600.html" - }, - { - "name" : "13283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13283" - }, - { - "name" : 
"13284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13284" - }, - { - "name" : "15704", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15704" - }, - { - "name" : "15705", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15705" - }, - { - "name" : "1013779", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013779" - }, - { - "name" : "15029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15029" - }, - { - "name" : "phpbb-auction-sql-injection(20203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.snkenjoi.com/secadv/secadv9.txt", + "refsource": "MISC", + "url": "http://www.snkenjoi.com/secadv/secadv9.txt" + }, + { + "name": "20060725 PHP-Auction SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441190/100/0/threaded" + }, + { + "name": "15704", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15704" + }, + { + "name": "13283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13283" + }, + { + "name": "15705", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15705" + }, + { + "name": "http://www.phpbb-auction.com/sutra5600.html", + "refsource": "CONFIRM", + "url": "http://www.phpbb-auction.com/sutra5600.html" + }, + { + "name": "15029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15029" + }, + { + "name": "http://www.aria-security.net/advisory/phpauction.txt", + "refsource": "MISC", + "url": "http://www.aria-security.net/advisory/phpauction.txt" + }, + { + "name": "1013779", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013779" + }, + { + "name": "13284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13284" + }, + { + "name": "phpbb-auction-sql-injection(20203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20203" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1369.json b/2005/1xxx/CVE-2005-1369.json index e72a0d28cd7..65f59af3206 100644 --- a/2005/1xxx/CVE-2005-1369.json +++ b/2005/1xxx/CVE-2005-1369.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs \"alarms\" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8" - }, - { - "name" : "http://lkml.org/lkml/2005/4/20/159", - "refsource" : "CONFIRM", - "url" : "http://lkml.org/lkml/2005/4/20/159" - }, - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
(1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs \"alarms\" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + }, + { + "name": "http://lkml.org/lkml/2005/4/20/159", + "refsource": "CONFIRM", + "url": "http://lkml.org/lkml/2005/4/20/159" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1568.json b/2005/1xxx/CVE-2005-1568.json index 753cce16d13..bc72c68943d 100644 --- a/2005/1xxx/CVE-2005-1568.json +++ b/2005/1xxx/CVE-2005-1568.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111592417803514&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111592417803514&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1589.json b/2005/1xxx/CVE-2005-1589.json index 9f8b231bd56..c55e0b4c54d 100644 --- a/2005/1xxx/CVE-2005-1589.json +++ b/2005/1xxx/CVE-2005-1589.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20050517 [PATCH] Fix root hole in pktcdvd", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-kernel&m=111630531515901&w=2" - }, - { - "name" : "20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html" - }, - { - "name" : "20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability", - "refsource" : "VULNWATCH", - 
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html" - }, - { - "name" : "20050517 Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected]", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10" - }, - { - "name" : "MDKSA-2005:219", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" - }, - { - "name" : "13651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13651" - }, - { - "name" : "ADV-2005-0557", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0557" - }, - { - "name" : "17826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10" + }, + { + "name": "[linux-kernel] 20050517 [PATCH] Fix root hole in pktcdvd", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-kernel&m=111630531515901&w=2" + }, + { + "name": "ADV-2005-0557", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0557" + }, + { + "name": "20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html" + }, + { + "name": "13651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13651" + }, + { + "name": "20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html" + }, + { + "name": "20050517 Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected]", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html" + }, + { + "name": "17826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17826" + }, + { + "name": "MDKSA-2005:219", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1595.json b/2005/1xxx/CVE-2005-1595.json index 2480de5420a..d7fd23be533 100644 --- a/2005/1xxx/CVE-2005-1595.json +++ b/2005/1xxx/CVE-2005-1595.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html" - }, - { - "name" : "13560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13560" - }, - { - "name" : "16157", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16157" - }, - { - "name" : "15251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15251" - }, - { - "name" : "1013924", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CodeThat 
ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16157", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16157" + }, + { + "name": "15251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15251" + }, + { + "name": "1013924", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013924" + }, + { + "name": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html" + }, + { + "name": "13560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13560" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1951.json b/2005/1xxx/CVE-2005-1951.json index 755c35794d1..a8e057e87b0 100644 --- a/2005/1xxx/CVE-2005-1951.json +++ b/2005/1xxx/CVE-2005-1951.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF (\"%0d%0a\") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050610 osCommere HTTP Response Splitting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111842744205117&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00080-06102005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00080-06102005" - }, - { - "name" : "20050616 RE: osCommere HTTP Response Splitting (Solution)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111936255011735&w=2" - }, - { - "name" : "13979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13979" - }, - { - "name" : "15670", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF (\"%0d%0a\") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050610 osCommere HTTP Response Splitting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111842744205117&w=2" + }, + { + "name": "15670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15670" + }, + { + "name": "20050616 RE: osCommere HTTP Response Splitting (Solution)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111936255011735&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00080-06102005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00080-06102005" + }, + { + "name": "13979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13979" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3209.json b/2005/3xxx/CVE-2005-3209.json index 1a1e9510e18..d16ddf38de4 100644 --- a/2005/3xxx/CVE-2005-3209.json +++ b/2005/3xxx/CVE-2005-3209.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Aenovo Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112872593432359&w=2" - }, - { - "name" : "http://www.kapda.ir/advisory-78.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-78.html" - }, - { - "name" : "19939", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19939" - }, - { - "name" : "17117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17117/" - }, - { - "name" : "aenovo-password-information-disclosure(22549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22549" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17117/" + }, + { + "name": "20051007 Aenovo Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112872593432359&w=2" + }, + { + "name": "aenovo-password-information-disclosure(22549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22549" + }, + { + "name": "http://www.kapda.ir/advisory-78.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-78.html" + }, + { + "name": "19939", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19939" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3510.json b/2005/3xxx/CVE-2005-3510.json index 2a2a6764149..b81d3cb4873 100644 --- a/2005/3xxx/CVE-2005-3510.json +++ b/2005/3xxx/CVE-2005-3510.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051104 Apache Tomcat 5.5.x remote Denial Of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415782/30/0/threaded" - }, - { - "name" : "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500412/100/0/threaded" - }, - { - "name" : "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500396/100/0/threaded" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : 
"http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", - "refsource" : "CONFIRM", - "url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" - }, - { - "name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" - }, - { - "name" : "RHSA-2006:0161", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0161.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "239312", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" - }, - { - "name" : "15325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15325" - }, - { - "name" : "ADV-2008-1979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1979/references" - }, - { - "name" : "ADV-2009-0233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0233" - }, - { - "name" : "20439", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20439" - }, - { - "name" : "1015147", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015147" - }, - { - "name" : "17416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17416" - }, - { - "name" : "30908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30908" - }, - { - "name" : "30899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30899" - }, - { - "name" : "33668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2006:0161", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html" + }, + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "30908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30908" + }, + { + "name": "17416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17416" + }, + { + "name": "239312", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1" + }, + { + "name": "20439", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20439" + }, + { + "name": "30899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30899" + }, + { + "name": "15325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15325" + }, + { + "name": "ADV-2008-1979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1979/references" + }, + { + "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" + }, + { + "name": "33668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33668" + }, + { + "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/500396/100/0/threaded" + }, + { + "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded" + }, + { + "name": "ADV-2009-0233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0233" + }, + { + "name": "1015147", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015147" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", + "refsource": "CONFIRM", + "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" + }, + { + "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", + "refsource": "CONFIRM", + "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3808.json b/2005/3xxx/CVE-2005-3808.json index 2a1046bc86a..7b31b427c37 100644 --- a/2005/3xxx/CVE-2005-3808.json +++ b/2005/3xxx/CVE-2005-3808.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20051123 32bit integer overflow in invalidate_inode_pages2() (local DoS)", - "refsource" : "MLIST", - "url" : "http://seclists.org/lists/linux-kernel/2005/Nov/7839.html" - }, - { - "name" : "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406" - }, - { - "name" : "FEDORA-2005-1138", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/advisories/9852" - }, - { - "name" : "MDKSA-2006:018", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:018" - }, - { - "name" : "SUSE-SA:2006:006", - "refsource" : "SUSE", - 
"url" : "http://www.novell.com/linux/security/advisories/2006_06_kernel.html" - }, - { - "name" : "SUSE-SA:2006:012", - "refsource" : "SUSE", - "url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html" - }, - { - "name" : "USN-231-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/231-1/" - }, - { - "name" : "15846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15846" - }, - { - "name" : "18203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18203" - }, - { - "name" : "18788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18788" - }, - { - "name" : "19038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18788" + }, + { + "name": "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406" + }, + { + "name": "19038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19038" + }, + { + "name": "15846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15846" + }, + { + "name": "18203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18203" + }, + { + "name": "SUSE-SA:2006:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_06_kernel.html" + }, + { + "name": "[linux-kernel] 20051123 32bit integer overflow in invalidate_inode_pages2() (local DoS)", + "refsource": "MLIST", + "url": "http://seclists.org/lists/linux-kernel/2005/Nov/7839.html" + }, + { + "name": "SUSE-SA:2006:012", + "refsource": "SUSE", + "url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html" + }, + { + "name": "MDKSA-2006:018", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:018" + }, + { + "name": "FEDORA-2005-1138", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/advisories/9852" + }, + { + "name": "USN-231-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/231-1/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4197.json b/2005/4xxx/CVE-2005-4197.json index 3dede37e2b5..6806bc03d02 100644 --- a/2005/4xxx/CVE-2005-4197.json +++ b/2005/4xxx/CVE-2005-4197.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051212 SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419263/100/0/threaded" - }, - { - "name" : "http://www.sec-consult.com/247.html", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/247.html" - }, - { - "name" : "15798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15798" - }, - { - "name" : "ADV-2005-2845", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2845" - }, - { - "name" : "1015341", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015341" - }, - { - "name" : "17974", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/17974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015341", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015341" + }, + { + "name": "http://www.sec-consult.com/247.html", + "refsource": "MISC", + "url": "http://www.sec-consult.com/247.html" + }, + { + "name": "20051212 SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419263/100/0/threaded" + }, + { + "name": "ADV-2005-2845", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2845" + }, + { + "name": "17974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17974" + }, + { + "name": "15798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15798" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4316.json b/2005/4xxx/CVE-2005-4316.json index ba5970f38bc..943ed53f23c 100644 --- a/2005/4xxx/CVE-2005-4316.json +++ b/2005/4xxx/CVE-2005-4316.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a \"Rose Attack\" that involves sending a subset of small IP fragments that do not form a complete, larger packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040927 IPv4 fragmentation --> The Rose Attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/376490" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm" - }, - { - "name" : "HPSBUX02087", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/419594/100/0/threaded" - }, - { - "name" : "SSRT4728", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/419594/100/0/threaded" - }, - { - "name" : "11258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11258" - }, - { - "name" : 
"oval:org.mitre.oval:def:5760", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5760" - }, - { - "name" : "ADV-2005-2945", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2945" - }, - { - "name" : "1015361", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015361" - }, - { - "name" : "18082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18082/" - }, - { - "name" : "19086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a \"Rose Attack\" that involves sending a subset of small IP fragments that do not form a complete, larger packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015361" + }, + { + "name": "ADV-2005-2945", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2945" + }, + { + "name": "SSRT4728", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/419594/100/0/threaded" + }, + { + "name": "20040927 IPv4 fragmentation --> The Rose Attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/376490" + }, + { + "name": "HPSBUX02087", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/419594/100/0/threaded" + }, + { + "name": "19086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19086" + }, + { + "name": "18082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18082/" 
+ }, + { + "name": "11258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11258" + }, + { + "name": "oval:org.mitre.oval:def:5760", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5760" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4649.json b/2005/4xxx/CVE-2005-4649.json index 985112890db..f11bf9c86b5 100644 --- a/2005/4xxx/CVE-2005-4649.json +++ b/2005/4xxx/CVE-2005-4649.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051225 Advanced Guestbook remote XSS exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1230.html" - }, - { - "name" : "http://www.morx.org/guestbook.txt", - "refsource" : "MISC", - "url" : "http://www.morx.org/guestbook.txt" - }, - { - "name" : "22188", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Advanced 
Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051225 Advanced Guestbook remote XSS exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1230.html" + }, + { + "name": "http://www.morx.org/guestbook.txt", + "refsource": "MISC", + "url": "http://www.morx.org/guestbook.txt" + }, + { + "name": "22188", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22188" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0009.json b/2009/0xxx/CVE-2009-0009.json index d4f5833bb7c..044b413446c 100644 --- a/2009/0xxx/CVE-2009-0009.json +++ b/2009/0xxx/CVE-2009-0009.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "33759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33759" - }, - { - "name" : "51980", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51980" - }, - { - "name" : "ADV-2009-0422", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0422" - }, - { - "name" : "1021718", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/alerts/2009/Feb/1021718.html" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "macosx-pixlet-codec-code-execution(48713)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "33759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33759" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "macosx-pixlet-codec-code-execution(48713)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48713" + }, + { + "name": "ADV-2009-0422", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0422" + }, + { + "name": "51980", + "refsource": "OSVDB", + "url": "http://osvdb.org/51980" + }, + { + "name": "1021718", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2009/Feb/1021718.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0046.json b/2009/0xxx/CVE-2009-0046.json index 4c44f9edb98..b321e8eae1b 100644 --- a/2009/0xxx/CVE-2009-0046.json +++ b/2009/0xxx/CVE-2009-0046.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2008-016.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2008-016.html" - }, - { - "name" : "ADV-2009-0045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded" + }, + { + "name": "ADV-2009-0045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0045" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2008-016.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2008-016.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1014.json b/2009/1xxx/CVE-2009-1014.json index bc883d152be..36aa9a4c5c6 100644 --- a/2009/1xxx/CVE-2009-1014.json +++ b/2009/1xxx/CVE-2009-1014.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53757", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53757" - }, - { - "name" : "1022057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022057" - }, - { - "name" : "34693", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "53757", + "refsource": "OSVDB", + "url": "http://osvdb.org/53757" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "1022057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022057" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1134.json b/2009/1xxx/CVE-2009-1134.json index 8bbcdbc9ac3..3846cd46b9d 100644 --- a/2009/1xxx/CVE-2009-1134.json +++ b/2009/1xxx/CVE-2009-1134.json 
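Review bot: The `ASSIGNER` field in this hunk changes from `cve@mitre.org` to `secalert_us@oracle.com`, and that provenance change is easy to miss because every other line of the record is rewritten for spacing and the `reference_data` entries are reordered. The CVE-2009-1134 hunk does the same with `secure@microsoft.com`, while the other records in view keep `cve@mitre.org`. Consumers that attribute or filter records by assigning CNA will see different results after this commit, so the two assigner changes would be better landed separately from the formatting pass, or at least called out in the commit description. The new side also ends without a trailing newline (`\ No newline at end of file`), which is worth normalising if the serializer allows it.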
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504213/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-040/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-040/" - }, - { - "name" : "MS09-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "35246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35246" - }, - { - "name" : "54958", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54958" - }, - { - "name" : "oval:org.mitre.oval:def:5922", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922" - }, - { - "name" : "1022351", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022351" - }, - { - "name" : "ADV-2009-1540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35246" + }, + { + "name": "20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded" + }, + { + "name": "ADV-2009-1540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1540" + }, + { + "name": "1022351", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022351" + }, + { + "name": "MS09-021", + "refsource": "MS", + "url": 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021" + }, + { + "name": "54958", + "refsource": "OSVDB", + "url": "http://osvdb.org/54958" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/" + }, + { + "name": "oval:org.mitre.oval:def:5922", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1520.json b/2009/1xxx/CVE-2009-1520.json index 0563452e84c..6a3ba0ce0b5 100644 --- a/2009/1xxx/CVE-2009-1520.json +++ b/2009/1xxx/CVE-2009-1520.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21384389", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21384389" - }, - { - "name" : "IC59994", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59994" - }, - { - "name" : "32604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32604" - }, - { - "name" : "ADV-2009-1235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1235" - }, - { - "name" : "ibm-tsm-webgui-bo(50328)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/50328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-tsm-webgui-bo(50328)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50328" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21384389", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21384389" + }, + { + "name": "IC59994", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59994" + }, + { + "name": "ADV-2009-1235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1235" + }, + { + "name": "32604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32604" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1603.json b/2009/1xxx/CVE-2009-1603.json index f6cda866885..5012573bc18 100644 --- a/2009/1xxx/CVE-2009-1603.json +++ b/2009/1xxx/CVE-2009-1603.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090508 OpenSC 0.11.8 released with security update", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/08/1" - }, - { - "name" : "[opensc-announce] 20090508 OpenSC 0.11.8 released with security update", - "refsource" : "MLIST", - "url" : "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html" - }, - { - "name" : "FEDORA-2009-4883", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html" - }, - { - "name" : "FEDORA-2009-4919", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html" - }, - { - "name" : "FEDORA-2009-4928", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html" - }, - { - "name" : "FEDORA-2009-4967", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html" - }, - { - "name" : "GLSA-200908-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200908-01.xml" - }, - { - "name" : "MDVSA-2009:123", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123" - }, - { - "name" : "35035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35035" - }, - { - "name" : "35293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35293" - }, - { - "name" : "35309", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35309" - }, - { - "name" : "36074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36074" - }, - { - "name" : "ADV-2009-1295", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1295", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1295" + }, + { + "name": "35293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35293" + }, + { + "name": "FEDORA-2009-4919", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html" + }, + { + "name": "[oss-security] 20090508 OpenSC 0.11.8 released with security update", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/08/1" + }, + { + "name": "FEDORA-2009-4967", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html" + }, + { + "name": "FEDORA-2009-4928", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html" + }, + { + "name": "36074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36074" + }, + { + "name": "MDVSA-2009:123", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123" + }, + { + "name": "FEDORA-2009-4883", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html" + }, + { + "name": "35035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35035" + }, + { + "name": "[opensc-announce] 20090508 OpenSC 0.11.8 released with security update", + "refsource": "MLIST", + "url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html" + }, + { + "name": "GLSA-200908-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200908-01.xml" + }, + { + "name": "35309", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35309" + } + ] + } +} \ No newline at end 
of file diff --git a/2009/1xxx/CVE-2009-1702.json b/2009/1xxx/CVE-2009-1702.json index 8eb4eec5015..2d08b3bf116 100644 --- a/2009/1xxx/CVE-2009-1702.json +++ b/2009/1xxx/CVE-2009-1702.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "35327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35327" - }, - { - "name" : "54993", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54993" - }, - { - "name" : "1022344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022344" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022344" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "54993", + "refsource": "OSVDB", + "url": "http://osvdb.org/54993" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "35327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35327" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4109.json b/2009/4xxx/CVE-2009-4109.json index 4b7bd4776b5..4700fbb2483 100644 
--- a/2009/4xxx/CVE-2009-4109.json
+++ b/2009/4xxx/CVE-2009-4109.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx" - }, - { - "name" : "37139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37139" - }, - { - "name" : "60520", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60520" - }, - { - "name" : "37480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37480" + }, + { + "name": "37139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37139" + }, + { + "name": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx", + "refsource": "CONFIRM", + "url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx" + }, + { + "name": "60520", + "refsource": "OSVDB", + "url": "http://osvdb.org/60520" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4452.json b/2009/4xxx/CVE-2009-4452.json index 8f57ca17c39..8a4aa47aef1 100644 --- a/2009/4xxx/CVE-2009-4452.json +++ b/2009/4xxx/CVE-2009-4452.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508508/100/0/threaded" - }, - { - "name" : "10484", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10484" - }, - { - "name" : "1023366", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023366" - }, - { - "name" : "1023367", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023367" - }, - { - 
"name" : "37398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37398" - }, - { - "name" : "37730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37730" - }, - { - "name" : "ADV-2009-3573", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3573", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3573" + }, + { + "name": "1023366", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023366" + }, + { + "name": "37730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37730" + }, + { + "name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded" + }, + { + "name": "10484", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10484" + }, + { + "name": "37398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37398" + }, + { + "name": "1023367", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023367" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/4xxx/CVE-2009-4713.json b/2009/4xxx/CVE-2009-4713.json
index 55097103810..558a19551ca 100644
--- a/2009/4xxx/CVE-2009-4713.json
+++ b/2009/4xxx/CVE-2009-4713.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9261", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9261" - }, - { - "name" : "35820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35820" - }, - { - "name" : "56596", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56596" - }, - { - "name" : "56597", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56597" - }, - { - "name" : "35966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56596", + "refsource": "OSVDB", + "url": "http://osvdb.org/56596" + }, + { + "name": "35820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35820" + }, + { + "name": "9261", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9261" + }, + { + "name": "35966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35966" + }, + { + "name": "56597", + "refsource": "OSVDB", + "url": "http://osvdb.org/56597" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4876.json b/2009/4xxx/CVE-2009-4876.json index 90be4458748..e15156267dc 100644 --- a/2009/4xxx/CVE-2009-4876.json +++ b/2009/4xxx/CVE-2009-4876.json 
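Review bot: The new side of this hunk ends with `\ No newline at end of file`, so the rewritten record loses the trailing newline the old file had; the closing `}` should be followed by a newline. The `reference_data` entries also come out in a different order (`56596`, `35820`, `9261`, `35966`, `56597`) that does not look sorted by `name`, `refsource` or `url`, which suggests the serializer's array order is not stable and will cause churn on every regeneration. The missing newline recurs in every hunk visible here and the reordering in each hunk with several references; the CVE-2012-6185 hunk additionally moves `data_type` to the top and puts `ID` before `ASSIGNER`, unlike the other records. Emitting keys and references in one fixed order would keep later diffs limited to real content changes.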
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9203", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9203" - }, - { - "name" : "56008", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56008" - }, - { - "name" : "35891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35891" - }, - { - "name" : "netrixcms-cikkform-security-bypass(51846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56008", + "refsource": "OSVDB", + "url": "http://osvdb.org/56008" + }, + { + "name": "9203", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9203" + }, + { + "name": "35891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35891" + }, + { + "name": "netrixcms-cikkform-security-bypass(51846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51846" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4893.json b/2009/4xxx/CVE-2009-4893.json index f9091d717d4..8a6bc2e507a 100644 --- a/2009/4xxx/CVE-2009-4893.json +++ b/2009/4xxx/CVE-2009-4893.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/14/13" - }, - { - "name" : "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt", - "refsource" : "CONFIRM", - "url" : "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt" - }, - { - "name" : "GLSA-201006-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201006-21.xml" - }, - { - "name" : "42077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42077" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201006-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201006-21.xml" + }, + { + "name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/14/13" + }, + { + "name": "42077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42077" + }, + { + "name": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt", + "refsource": "CONFIRM", + "url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2190.json b/2012/2xxx/CVE-2012-2190.json index 8bfe054327b..6998c6d59e1 100644 --- a/2012/2xxx/CVE-2012-2190.json +++ b/2012/2xxx/CVE-2012-2190.json 
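Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line is a whitespace or ordering rewrite, so the one semantic edit is easy to miss in review. The same reassignment appears in the hunks for CVE-2012-2655 and CVE-2012-6137 (to `secalert@redhat.com`) and for CVE-2012-2190 and CVE-2015-1935 (to `psirt@us.ibm.com`). Consumers that attribute or filter records by assigning CNA will see these records change owner, so the reassignment should be called out in the commit description if it is not already, or made in a commit separate from the reformat.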
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606096", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606096" - }, - { - "name" : "PM66218", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66218" - }, - { - "name" : "ibm-multiple-gskit-hello-dos(75994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-multiple-gskit-hello-dos(75994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75994" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21606096", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606096" + }, + { + "name": "PM66218", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66218" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2434.json b/2012/2xxx/CVE-2012-2434.json index 33c1b8cf935..e88482d559b 100644 --- a/2012/2xxx/CVE-2012-2434.json +++ b/2012/2xxx/CVE-2012-2434.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2434", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2434", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2655.json b/2012/2xxx/CVE-2012-2655.json index abd46bfaaa0..b7fb998ef8b 100644 --- a/2012/2xxx/CVE-2012-2655.json +++ b/2012/2xxx/CVE-2012-2655.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.postgresql.org/about/news/1398/", - "refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/about/news/1398/" - }, - { - "name" : "DSA-2491", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2491" - }, - { - "name" : "FEDORA-2012-8893", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html" - }, - { - "name" : "FEDORA-2012-8915", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html" - }, - { - "name" : "FEDORA-2012-8924", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html" - }, - { - "name" : "MDVSA-2012:092", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092" - }, - { - "name" : "RHSA-2012:1037", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1037.html" - }, - { - "name" : "openSUSE-SU-2012:1299", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html" - }, - { - "name" : "openSUSE-SU-2012:1251", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html" - }, - { - "name" : "openSUSE-SU-2012:1288", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html" - }, - { - "name" : "50718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.postgresql.org/about/news/1398/", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/about/news/1398/" + }, + { + "name": "50718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50718" + }, + { + "name": "FEDORA-2012-8924", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html" + }, + { + "name": "FEDORA-2012-8893", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html" + }, + { + "name": "DSA-2491", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2491" + }, + { + "name": "RHSA-2012:1037", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html" + }, + { + "name": "FEDORA-2012-8915", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html" + }, + { + "name": "MDVSA-2012:092", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092" + }, + { + "name": "openSUSE-SU-2012:1251", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html" + }, + { + "name": "openSUSE-SU-2012:1288", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html" + }, + { + "name": "openSUSE-SU-2012:1299", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6137.json b/2012/6xxx/CVE-2012-6137.json index bfd18373cec..faa738c89d1 100644 --- a/2012/6xxx/CVE-2012-6137.json +++ b/2012/6xxx/CVE-2012-6137.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=885130", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=885130" - }, - { - "name" : "RHSA-2013:0788", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0788.html" - }, - { - "name" : "59674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59674" - }, - { - "name" : "93058", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/93058" - }, - { - "name" : "1028520", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028520" - }, - { - "name" : "53330", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/53330" - }, - { - "name" : "redhat-ssl-cve20126137-sec-bypass(84020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59674" + }, + { + "name": "93058", + "refsource": "OSVDB", + "url": "http://osvdb.org/93058" + }, + { + "name": "1028520", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028520" + }, + { + "name": "53330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53330" + }, + { + "name": "redhat-ssl-cve20126137-sec-bypass(84020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84020" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=885130", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=885130" + }, + { + "name": "RHSA-2013:0788", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0788.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6185.json b/2012/6xxx/CVE-2012-6185.json index 7fc167ffb3c..008a9b9a6f3 100644 --- a/2012/6xxx/CVE-2012-6185.json +++ b/2012/6xxx/CVE-2012-6185.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6185", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6185", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6502.json b/2012/6xxx/CVE-2012-6502.json index acbd4369ce3..2a082db08a7 100644 --- a/2012/6xxx/CVE-2012-6502.json +++ b/2012/6xxx/CVE-2012-6502.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\\\127.0.0.1\\C$\\ sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nsfocus.com/en/2012/advisories_1228/119.html", - "refsource" : "MISC", - "url" : "http://www.nsfocus.com/en/2012/advisories_1228/119.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a 
local file via a \\\\127.0.0.1\\C$\\ sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nsfocus.com/en/2012/advisories_1228/119.html", + "refsource": "MISC", + "url": "http://www.nsfocus.com/en/2012/advisories_1228/119.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1522.json b/2015/1xxx/CVE-2015-1522.json index d3f3d92dc74..42516141b85 100644 --- a/2015/1xxx/CVE-2015-1522.json +++ b/2015/1xxx/CVE-2015-1522.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0", - "refsource" : "CONFIRM", - "url" : "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0", + "refsource": "CONFIRM", + "url": "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1935.json b/2015/1xxx/CVE-2015-1935.json index a933c015b77..fdf8345f7f7 100644 --- a/2015/1xxx/CVE-2015-1935.json +++ b/2015/1xxx/CVE-2015-1935.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902661", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902661" - }, - { - "name" : "IT08543", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543" - }, - { - "name" : "IT08656", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656" - }, - { - "name" : "IT08667", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667" - }, - { - "name" : "IT08668", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668" - }, 
- { - "name" : "75908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75908" - }, - { - "name" : "1033063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75908" + }, + { + "name": "IT08543", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661" + }, + { + "name": "1033063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033063" + }, + { + "name": "IT08656", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656" + }, + { + "name": "IT08668", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668" + }, + { + "name": "IT08667", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5028.json b/2015/5xxx/CVE-2015-5028.json index fb76d887d74..63d127165c3 100644 --- a/2015/5xxx/CVE-2015-5028.json +++ b/2015/5xxx/CVE-2015-5028.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5028", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5028", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5150.json b/2015/5xxx/CVE-2015-5150.json index 61a9626fd44..b20a6eeab26 100644 --- a/2015/5xxx/CVE-2015-5150.json +++ b/2015/5xxx/CVE-2015-5150.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37322", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37322/" - }, - { - "name" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=1501", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=1501" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37322", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37322/" + }, + { + "name": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=1501", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=1501" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5406.json b/2015/5xxx/CVE-2015-5406.json index afbaf8a95e1..5d5c01b2564 100644 --- a/2015/5xxx/CVE-2015-5406.json +++ b/2015/5xxx/CVE-2015-5406.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893" - }, - { - "name" : "76359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893" + }, + { + "name": "76359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76359" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5698.json b/2015/5xxx/CVE-2015-5698.json index 951fa42422e..8fab2753854 100644 --- a/2015/5xxx/CVE-2015-5698.json +++ b/2015/5xxx/CVE-2015-5698.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02" - }, - { - "name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf" - }, - { - "name" : "1033419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) 
vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033419" + }, + { + "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11216.json b/2018/11xxx/CVE-2018-11216.json index 19ce15aa2fb..1d77955ee04 100644 --- a/2018/11xxx/CVE-2018-11216.json +++ b/2018/11xxx/CVE-2018-11216.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11216", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11216", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11695.json b/2018/11xxx/CVE-2018-11695.json index 8f896bc9f9a..e5b460945c8 100644 --- a/2018/11xxx/CVE-2018-11695.json +++ b/2018/11xxx/CVE-2018-11695.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sass/libsass/issues/2664", - "refsource" : "MISC", - "url" : "https://github.com/sass/libsass/issues/2664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sass/libsass/issues/2664", + "refsource": "MISC", + "url": "https://github.com/sass/libsass/issues/2664" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11906.json b/2018/11xxx/CVE-2018-11906.json index 1d943f846ba..02a91532366 100644 --- a/2018/11xxx/CVE-2018-11906.json +++ b/2018/11xxx/CVE-2018-11906.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb" - }, - { - "name" : "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1" - }, - { - "name" : "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0", - "refsource" : "CONFIRM", - "url" : 
"https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0" + }, + { + "name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb" + }, + { + "name": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of 
file diff --git a/2018/11xxx/CVE-2018-11919.json b/2018/11xxx/CVE-2018-11919.json index 76b17eb6762..8a6b8e726d4 100644 --- a/2018/11xxx/CVE-2018-11919.json +++ b/2018/11xxx/CVE-2018-11919.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334" - }, - { - "name" : "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd", - "refsource" : 
"CONFIRM", - "url" : "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": 
"https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15648.json b/2018/15xxx/CVE-2018-15648.json index 76832238225..912247fc46c 100644 --- a/2018/15xxx/CVE-2018-15648.json +++ b/2018/15xxx/CVE-2018-15648.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15648", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15648", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3612.json b/2018/3xxx/CVE-2018-3612.json index c3b0ac1dfbf..5f2796deaa9 100644 --- a/2018/3xxx/CVE-2018-3612.json +++ b/2018/3xxx/CVE-2018-3612.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7649.json b/2018/7xxx/CVE-2018-7649.json index f562fdda7fa..e32c47d54bb 100644 --- a/2018/7xxx/CVE-2018-7649.json +++ b/2018/7xxx/CVE-2018-7649.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monitorix before 3.10.1 allows XSS via CGI variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.monitorix.org/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://www.monitorix.org/changelog.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monitorix before 3.10.1 allows XSS via CGI variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.monitorix.org/changelog.html", + "refsource": "CONFIRM", + "url": "http://www.monitorix.org/changelog.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7701.json b/2018/7xxx/CVE-2018-7701.json index da0c0b705a4..fe84580234a 100644 --- a/2018/7xxx/CVE-2018-7701.json 
+++ b/2018/7xxx/CVE-2018-7701.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44285", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44285/" - }, - { - "name" : "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/29" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html", - "refsource" : "MISC", - "url" : 
"https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Mar/29" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html" + }, + { + "name": "44285", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44285/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8251.json b/2018/8xxx/CVE-2018-8251.json index e085c51607a..647057fc734 100644 --- a/2018/8xxx/CVE-2018-8251.json +++ b/2018/8xxx/CVE-2018-8251.json 
@@ -1,191 +1,191 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - 
"version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \"Media Foundation Memory Corruption Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + 
"version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251" - }, - { - "name" : "104398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104398" - }, - { - "name" : "1041103", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041103" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \"Media Foundation Memory Corruption Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251" + }, + { + "name": "1041103", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041103" + }, + { + "name": "104398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104398" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8443.json b/2018/8xxx/CVE-2018-8443.json index b3c7fdfad37..f7d1e1c6bb3 100644 --- a/2018/8xxx/CVE-2018-8443.json +++ b/2018/8xxx/CVE-2018-8443.json 
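Review bot: `"ASSIGNER"` changes value here, not just spacing: `"Secure@Microsoft.com"` becomes `"secure@microsoft.com"` in a hunk that is otherwise a whitespace and ordering rewrite. A consumer that groups or filters records by an exact-match assigner string would presumably treat the two spellings as different assigners. The normalisation should be called out in the commit description or split into its own change. The same value change appears in the CVE-2018-8443 and CVE-2018-8540 hunks.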
@@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443" - }, - { - "name" : "105228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105228" - }, - { - "name" : "1041635", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows 
Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105228" + }, + { + "name": "1041635", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041635" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8540.json b/2018/8xxx/CVE-2018-8540.json index 2caa27815e8..64cd36f326e 100644 --- a/2018/8xxx/CVE-2018-8540.json +++ b/2018/8xxx/CVE-2018-8540.json 
@@ -1,283 +1,283 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft .NET Framework", - "version" : { - "version_data" : [ - { - "version_value" : "3.5 on Windows 10 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "3.5 on Windows Server 2012" - }, - { - "version_value" : "3.5 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2016" - }, - { - "version_value" : "3.5 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2019" - }, - { - "version_value" : "3.5 on Windows Server 2019 (Server Core installation)" - }, - 
{ - "version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.5.2 on Windows RT 8.1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.6.2 on Windows 10 for 32-bit Systems" - }, - { - "version_value" : "4.6.2 on Windows 10 for x64-based Systems" - 
}, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core 
Installation)" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "4.7.2 on Windows Server 2019" - }, - { - "version_value" : "4.7.2 on Windows Server 2019 (Server Core installation)" - }, - { - "version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \".NET Framework Remote Code Injection Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework", + "version": { + "version_data": [ + { + "version_value": "3.5 on Windows 10 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "3.5 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "3.5 on Windows Server 2012" + }, + { + "version_value": "3.5 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2012 R2" + }, + { + "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2016" + }, + { + "version_value": "3.5 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2019" + 
}, + { + "version_value": "3.5 on Windows Server 2019 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.5.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.5.2 on Windows RT 8.1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012" + }, + { + "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.6.2 on Windows 10 for 32-bit Systems" + }, + 
{ + "version_value": "4.6.2 on Windows 10 for x64-based Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "4.7.1/4.7.2 on 
Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "4.7.2 on Windows Server 2019" + }, + { + "version_value": "4.7.2 on Windows Server 2019 (Server Core installation)" + }, + { + "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540" - }, - { - "name" : "106073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \".NET Framework Remote Code Injection Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540" + }, + { + "name": "106073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106073" + } + ] + } +} \ No newline at end of file