diff --git a/2002/0xxx/CVE-2002-0411.json b/2002/0xxx/CVE-2002-0411.json
index 469a359505c..58b20611da6 100644
--- a/2002/0xxx/CVE-2002-0411.json
+++ b/2002/0xxx/CVE-2002-0411.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0411",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0411",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020303 AeroMail multiple vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html"
- },
- {
- "name" : "http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz",
- "refsource" : "CONFIRM",
- "url" : "http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz"
- },
- {
- "name" : "4215",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4215"
- },
- {
- "name" : "aeromail-subject-css(8346)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8346.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "aeromail-subject-css(8346)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8346.php"
+ },
+ {
+ "name": "http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz",
+ "refsource": "CONFIRM",
+ "url": "http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz"
+ },
+ {
+ "name": "20020303 AeroMail multiple vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html"
+ },
+ {
+ "name": "4215",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4215"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0575.json b/2002/0xxx/CVE-2002-0575.json
index 6c754102a41..b1ec753d977 100644
--- a/2002/0xxx/CVE-2002-0575.json
+++ b/2002/0xxx/CVE-2002-0575.json
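Review bot: The `reference_data` array comes back in a different order with no visible sort key (here XF, CONFIRM, BUGTRAQ, BID where the old file had BUGTRAQ, CONFIRM, BID, XF), and the file now ends without a trailing newline. The four entries are the same set, but a reader has to compare name, refsource and url by hand to confirm that no reference was dropped or altered, which is the check that matters for a vulnerability feed. Emitting the array in its existing order, or sorted by a fixed key such as `refsource` then `name`, and keeping the final newline would leave only the spacing change (`"ID" :` to `"ID":`) in the diff. The same reordering appears in most other hunks on this page; the CVE-2005-1286 and CVE-2005-1326 hunks keep their order.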
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0575",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0575",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020426 Revised OpenSSH Security Advisory (adv.token)",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/269701"
- },
- {
- "name" : "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/268718"
- },
- {
- "name" : "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
- "refsource" : "VULN-DEV",
- "url" : "http://marc.info/?l=vuln-dev&m=101924296115863&w=2"
- },
- {
- "name" : "20020517 OpenSSH 3.2.2 released (fwd)",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=102167972421837&w=2"
- },
- {
- "name" : "20020429 TSLSA-2002-0047 - openssh",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html"
- },
- {
- "name" : "20020420 OpenSSH Security Advisory (adv.token)",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html"
- },
- {
- "name" : "CSSA-2002-022.2",
- "refsource" : "CALDERA",
- "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt"
- },
- {
- "name" : "4560",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4560"
- },
- {
- "name" : "openssh-sshd-kerberos-bo(8896)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8896.php"
- },
- {
- "name" : "781",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/781"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "openssh-sshd-kerberos-bo(8896)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8896.php"
+ },
+ {
+ "name": "20020420 OpenSSH Security Advisory (adv.token)",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html"
+ },
+ {
+ "name": "4560",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4560"
+ },
+ {
+ "name": "CSSA-2002-022.2",
+ "refsource": "CALDERA",
+ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt"
+ },
+ {
+ "name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
+ "refsource": "VULN-DEV",
+ "url": "http://marc.info/?l=vuln-dev&m=101924296115863&w=2"
+ },
+ {
+ "name": "20020517 OpenSSH 3.2.2 released (fwd)",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=102167972421837&w=2"
+ },
+ {
+ "name": "20020426 Revised OpenSSH Security Advisory (adv.token)",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/269701"
+ },
+ {
+ "name": "781",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/781"
+ },
+ {
+ "name": "20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/268718"
+ },
+ {
+ "name": "20020429 TSLSA-2002-0047 - openssh",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0776.json b/2002/0xxx/CVE-2002-0776.json
index d26ed0ad5ee..37394041ce0 100644
--- a/2002/0xxx/CVE-2002-0776.json
+++ b/2002/0xxx/CVE-2002-0776.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0776",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the \"UpdateUser\" hot fix."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0776",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020713 Hosting Controller Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/282129"
- },
- {
- "name" : "http://hostingcontroller.com/english/logs/sp2log.html",
- "refsource" : "CONFIRM",
- "url" : "http://hostingcontroller.com/english/logs/sp2log.html"
- },
- {
- "name" : "hosting-controller-password-modification(9554)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9554.php"
- },
- {
- "name" : "5229",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5229"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the \"UpdateUser\" hot fix."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://hostingcontroller.com/english/logs/sp2log.html",
+ "refsource": "CONFIRM",
+ "url": "http://hostingcontroller.com/english/logs/sp2log.html"
+ },
+ {
+ "name": "hosting-controller-password-modification(9554)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9554.php"
+ },
+ {
+ "name": "5229",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5229"
+ },
+ {
+ "name": "20020713 Hosting Controller Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/282129"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/2xxx/CVE-2002-2318.json b/2002/2xxx/CVE-2002-2318.json
index 5152783feee..6588b7d9b0b 100644
--- a/2002/2xxx/CVE-2002-2318.json
+++ b/2002/2xxx/CVE-2002-2318.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-2318",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-2318",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020808 Cross-Site Scripting Issues in Falcon Web Server",
- "refsource" : "BUGTRAQ",
- "url" : "http://seclists.org/lists/bugtraq/2002/Aug/0158.html"
- },
- {
- "name" : "20020808 Cross-Site Scripting Issues in Falcon Web Server",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-August/000934.html"
- },
- {
- "name" : "5435",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5435"
- },
- {
- "name" : "falcon-error-msg-xss(9812)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9812.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020808 Cross-Site Scripting Issues in Falcon Web Server",
+ "refsource": "BUGTRAQ",
+ "url": "http://seclists.org/lists/bugtraq/2002/Aug/0158.html"
+ },
+ {
+ "name": "falcon-error-msg-xss(9812)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9812.php"
+ },
+ {
+ "name": "20020808 Cross-Site Scripting Issues in Falcon Web Server",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-August/000934.html"
+ },
+ {
+ "name": "5435",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5435"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/0xxx/CVE-2005-0566.json b/2005/0xxx/CVE-2005-0566.json
index d64a19be7cf..d0b1eac8fdf 100644
--- a/2005/0xxx/CVE-2005-0566.json
+++ b/2005/0xxx/CVE-2005-0566.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-0566",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-0566",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050122 several BO's in goldenftpd",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031098.html"
- },
- {
- "name" : "http://www.goldenftpserver.com",
- "refsource" : "MISC",
- "url" : "http://www.goldenftpserver.com"
- },
- {
- "name" : "VU#620862",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/620862"
- },
- {
- "name" : "12333",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/12333"
- },
- {
- "name" : "1012973",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1012973"
- },
- {
- "name" : "13966",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/13966/"
- },
- {
- "name" : "golden-ftp-rnto-bo(19015)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19015"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.goldenftpserver.com",
+ "refsource": "MISC",
+ "url": "http://www.goldenftpserver.com"
+ },
+ {
+ "name": "20050122 several BO's in goldenftpd",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031098.html"
+ },
+ {
+ "name": "VU#620862",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/620862"
+ },
+ {
+ "name": "golden-ftp-rnto-bo(19015)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19015"
+ },
+ {
+ "name": "1012973",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1012973"
+ },
+ {
+ "name": "12333",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/12333"
+ },
+ {
+ "name": "13966",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/13966/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1180.json b/2005/1xxx/CVE-2005-1180.json
index 3207883f85e..7b6df74e0f2 100644
--- a/2005/1xxx/CVE-2005-1180.json
+++ b/2005/1xxx/CVE-2005-1180.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1180",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF (\"%0d%0a\") sequences in the forwarder parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1180",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050415 Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=111359804013536&w=2"
- },
- {
- "name" : "http://www.digitalparadox.org/advisories/pnuke.txt",
- "refsource" : "MISC",
- "url" : "http://www.digitalparadox.org/advisories/pnuke.txt"
- },
- {
- "name" : "15647",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/15647"
- },
- {
- "name" : "14965",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/14965"
- },
- {
- "name" : "php-nuke-http-response-splitting(20116)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20116"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF (\"%0d%0a\") sequences in the forwarder parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.digitalparadox.org/advisories/pnuke.txt",
+ "refsource": "MISC",
+ "url": "http://www.digitalparadox.org/advisories/pnuke.txt"
+ },
+ {
+ "name": "15647",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/15647"
+ },
+ {
+ "name": "14965",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/14965"
+ },
+ {
+ "name": "php-nuke-http-response-splitting(20116)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20116"
+ },
+ {
+ "name": "20050415 Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=111359804013536&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1192.json b/2005/1xxx/CVE-2005-1192.json
index 0305c4bd17a..7ceaafb6736 100644
--- a/2005/1xxx/CVE-2005-1192.json
+++ b/2005/1xxx/CVE-2005-1192.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1192",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1192",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "HPSBUX01137",
- "refsource" : "HP",
- "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137"
- },
- {
- "name" : "SSRT5954",
- "refsource" : "HP",
- "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137"
- },
- {
- "name" : "13367",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13367"
- },
- {
- "name" : "oval:org.mitre.oval:def:1407",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1407"
- },
- {
- "name" : "oval:org.mitre.oval:def:1533",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1533"
- },
- {
- "name" : "oval:org.mitre.oval:def:1552",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1552"
- },
- {
- "name" : "oval:org.mitre.oval:def:1607",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1607"
- },
- {
- "name" : "oval:org.mitre.oval:def:935",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A935"
- },
- {
- "name" : "262",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/262"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:1607",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1607"
+ },
+ {
+ "name": "262",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/262"
+ },
+ {
+ "name": "13367",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13367"
+ },
+ {
+ "name": "SSRT5954",
+ "refsource": "HP",
+ "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:935",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A935"
+ },
+ {
+ "name": "HPSBUX01137",
+ "refsource": "HP",
+ "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01137"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:1533",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1533"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:1407",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1407"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:1552",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1552"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1286.json b/2005/1xxx/CVE-2005-1286.json
index 89e67fe9ea7..20accc61c2f 100644
--- a/2005/1xxx/CVE-2005-1286.json
+++ b/2005/1xxx/CVE-2005-1286.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1286",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\\program.exe, possibly due to the lack of quoting of the full pathname when executing a process."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1286",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20050422 BitDefender 8 - Race condition vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=111420400316397&w=2"
- },
- {
- "name" : "15818",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/15818"
- },
- {
- "name" : "15076",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15076"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\\program.exe, possibly due to the lack of quoting of the full pathname when executing a process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20050422 BitDefender 8 - Race condition vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=111420400316397&w=2"
+ },
+ {
+ "name": "15818",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/15818"
+ },
+ {
+ "name": "15076",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15076"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1326.json b/2005/1xxx/CVE-2005-1326.json
index bbe7c84cd88..d51af4b8379 100644
--- a/2005/1xxx/CVE-2005-1326.json
+++ b/2005/1xxx/CVE-2005-1326.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-1326",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-1326",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://sourceforge.net/project/shownotes.php?release_id=323254",
- "refsource" : "CONFIRM",
- "url" : "http://sourceforge.net/project/shownotes.php?release_id=323254"
- },
- {
- "name" : "15830",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/15830"
- },
- {
- "name" : "15110",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15110"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://sourceforge.net/project/shownotes.php?release_id=323254",
+ "refsource": "CONFIRM",
+ "url": "http://sourceforge.net/project/shownotes.php?release_id=323254"
+ },
+ {
+ "name": "15830",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/15830"
+ },
+ {
+ "name": "15110",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15110"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/1xxx/CVE-2005-1511.json b/2005/1xxx/CVE-2005-1511.json
index 8034d184ef0..2414fbe3787 100644
--- a/2005/1xxx/CVE-2005-1511.json
+++ b/2005/1xxx/CVE-2005-1511.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111565808024581&w=2" - }, - { - "name" : "16235", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16235" - }, - { - "name" : "15315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15315" - }, - { - "name" : "pwsphp-cookie-spoof-identity(20503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16235", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16235" + }, + { + "name": "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111565808024581&w=2" + }, + { + "name": "pwsphp-cookie-spoof-identity(20503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20503" + }, + { + "name": "15315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15315" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1535.json b/2005/1xxx/CVE-2005-1535.json index 3c614408fed..a91ca463698 100644 --- a/2005/1xxx/CVE-2005-1535.json +++ b/2005/1xxx/CVE-2005-1535.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1535", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1535", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
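Review bot: The `reference_data` array for CVE-2005-1511 comes out in a different order on the new side (OSVDB, BUGTRAQ, XF, SECUNIA instead of BUGTRAQ, OSVDB, SECUNIA, XF), with no ordering key apparent. The hunks for CVE-2009-0361, CVE-2009-0439, CVE-2009-0743, CVE-2009-1240 and CVE-2009-1317 shuffle their references in the same way. Because the whole file is rewritten at once, a reviewer cannot tell from the diff whether a reference was dropped or a URL altered, as opposed to merely moved. Emitting the entries in a stable order, for example sorted by `refsource` and then `name`, would limit later diffs to real additions and removals.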
diff --git a/2005/1xxx/CVE-2005-1914.json b/2005/1xxx/CVE-2005-1914.json index b3075a985f2..744a15b94e7 100644 --- a/2005/1xxx/CVE-2005-1914.json +++ b/2005/1xxx/CVE-2005-1914.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zataz.net/adviso/centericq-06152005.txt", - "refsource" : "MISC", - "url" : "http://www.zataz.net/adviso/centericq-06152005.txt" - }, - { - "name" : "DSA-754", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-754" - }, - { - "name" : "14144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zataz.net/adviso/centericq-06152005.txt", + "refsource": "MISC", + "url": "http://www.zataz.net/adviso/centericq-06152005.txt" + }, + { + "name": "DSA-754", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-754" + }, + { + "name": "14144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14144" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0361.json b/2009/0xxx/CVE-2009-0361.json index 7ec25e5e16d..7c8f630c983 100644 --- a/2009/0xxx/CVE-2009-0361.json +++ b/2009/0xxx/CVE-2009-0361.json 
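Review bot: In the CVE-2005-1914 hunk the assigner changes from `"ASSIGNER" : "cve@mitre.org"` to `"ASSIGNER": "secalert@redhat.com"`. Every other visible hunk keeps its assigner and only changes the spacing around colons and the order of references. A change of record ownership is easy to miss inside a bulk reformat, and consumers that attribute or filter records by `ASSIGNER` will see this entry move to a different CNA. If the reassignment is intended, it would be better made in its own commit, or at least named in the commit message, so it can be audited separately from the whitespace churn.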
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090211 pam-krb5 security advisory (3.12 and earlier)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500892/100/0/threaded" - }, - { - "name" : "http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html", - "refsource" : "MISC", - "url" : "http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm" - 
}, - { - "name" : "DSA-1721", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1721" - }, - { - "name" : "DSA-1722", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1722" - }, - { - "name" : "GLSA-200903-39", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-39.xml" - }, - { - "name" : "252767", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1" - }, - { - "name" : "USN-719-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-719-1" - }, - { - "name" : "33741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33741" - }, - { - "name" : "oval:org.mitre.oval:def:5403", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5403" - }, - { - "name" : "oval:org.mitre.oval:def:5521", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5521" - }, - { - "name" : "34260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34260" - }, - { - "name" : "34449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34449" - }, - { - "name" : "ADV-2009-0410", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0410" - }, - { - "name" : "ADV-2009-0426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0426" - }, - { - "name" : "1021711", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021711" - }, - { - "name" : "33914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33914" - }, - { - "name" : "33917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33917" - }, - { - "name" : "33918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33918" - }, - { - "name" : "ADV-2009-0979", - "refsource" : "VUPEN", 
- "url" : "http://www.vupen.com/english/advisories/2009/0979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5521", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5521" + }, + { + "name": "34260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34260" + }, + { + "name": "252767", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1" + }, + { + "name": "33914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33914" + }, + { + "name": "USN-719-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-719-1" + }, + { + "name": "DSA-1722", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1722" + }, + { + "name": "33918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33918" + }, + { + "name": "ADV-2009-0426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0426" + }, + { + "name": "1021711", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021711" + }, + { + "name": "ADV-2009-0410", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0410" + }, + { + "name": 
"oval:org.mitre.oval:def:5403", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5403" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm" + }, + { + "name": "34449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34449" + }, + { + "name": "33917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33917" + }, + { + "name": "DSA-1721", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1721" + }, + { + "name": "20090211 pam-krb5 security advisory (3.12 and earlier)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500892/100/0/threaded" + }, + { + "name": "http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html", + "refsource": "MISC", + "url": "http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html" + }, + { + "name": "GLSA-200903-39", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-39.xml" + }, + { + "name": "33741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33741" + }, + { + "name": "ADV-2009-0979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0979" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0439.json b/2009/0xxx/CVE-2009-0439.json index 1c58851c9f9..c78b6089672 100644 --- a/2009/0xxx/CVE-2009-0439.json +++ b/2009/0xxx/CVE-2009-0439.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", - "refsource" : "MISC", - "url" : "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037" - }, - { - "name" : "IZ40824", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824" - }, - { - "name" : "33857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33857" - }, - { - "name" : "52297", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52297" - }, - { - "name" : "34034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34034" - }, - { - "name" : "websphere-mq-privilege-escalation(48529)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037", + "refsource": "MISC", + "url": "http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037" + }, + { + "name": "33857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33857" + }, + { + "name": "52297", + "refsource": "OSVDB", + "url": "http://osvdb.org/52297" + }, + { + "name": "34034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34034" + }, + { + "name": "websphere-mq-privilege-escalation(48529)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48529" + }, + { + "name": "IZ40824", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0743.json b/2009/0xxx/CVE-2009-0743.json index a48a1ff298d..4631c1468ec 100644 --- a/2009/0xxx/CVE-2009-0743.json +++ b/2009/0xxx/CVE-2009-0743.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090225 Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501251/30/0/threaded" - }, - { - "name" : "20090226 Cisco Unified MeetingPlace Stored Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html" - }, - { - "name" : "33915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33915" - }, - { - "name" : "1021778", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1021778" - }, - { - "name" : "cisco-meetingplace-emailaddress-xss(48965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33915" + }, + { + "name": "1021778", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021778" + }, + { + "name": "cisco-meetingplace-emailaddress-xss(48965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48965" + }, + { + "name": "20090226 Cisco Unified MeetingPlace Stored Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html" + }, + { + "name": "20090225 Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501251/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1240.json b/2009/1xxx/CVE-2009-1240.json index dc6a8d410e2..22d688edf1d 100644 --- a/2009/1xxx/CVE-2009-1240.json +++ b/2009/1xxx/CVE-2009-1240.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090402 [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502369/100/0/threaded" - }, - { - "name" : "20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504987/100/0/threaded" - }, - { - "name" : "20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/504995/100/0/threaded" - }, - { - "name" : "20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504992/100/0/threaded" - }, - { - "name" : "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html", - "refsource" : "MISC", - "url" : "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html" - }, - { - "name" : "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417", - "refsource" : "MISC", - "url" : "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417" - }, - { - "name" : "34345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090716 Re: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded" + }, + { + "name": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html", + "refsource": "MISC", + "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html" + }, + { + "name": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417", + "refsource": "MISC", + "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417" + }, + { + "name": "34345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34345" + }, + { + "name": "20090715 Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded" + }, + { + "name": "20090402 [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded" + }, + { + "name": "20090716 Re[2]: Update: [TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1317.json b/2009/1xxx/CVE-2009-1317.json index 83fb756429b..d778493f7a5 100644 --- a/2009/1xxx/CVE-2009-1317.json +++ b/2009/1xxx/CVE-2009-1317.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8432", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8432" - }, - { - "name" : "34516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34516" - }, - { - "name" : "34720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to 
droplets/functions/base.php and the (2) username parameter to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8432", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8432" + }, + { + "name": "34720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34720" + }, + { + "name": "34516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34516" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1341.json b/2009/1xxx/CVE-2009-1341.json index 6dc7854fbd7..0ef2297943d 100644 --- a/2009/1xxx/CVE-2009-1341.json +++ b/2009/1xxx/CVE-2009-1341.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/cve/2009-1341", - "refsource" : "MISC", - "url" : "https://launchpad.net/bugs/cve/2009-1341" - }, - { - "name" : "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes" - }, - { - "name" : "http://rt.cpan.org/Public/Bug/Display.html?id=21392", - "refsource" : "CONFIRM", - "url" : "http://rt.cpan.org/Public/Bug/Display.html?id=21392" - }, - { - "name" : "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz", - "refsource" : "CONFIRM", - "url" : 
"http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" - }, - { - "name" : "DSA-1780", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1780" - }, - { - "name" : "RHSA-2009:0479", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0479.html" - }, - { - "name" : "RHSA-2009:1067", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1067.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "34757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34757" - }, - { - "name" : "oval:org.mitre.oval:def:9680", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680" - }, - { - "name" : "34909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34909" - }, - { - "name" : "35058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35058" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "libdbdpgperl-dequotebytea-dos(50387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2009:1067", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" + }, + { + "name": "34757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34757" + }, + { + "name": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" + }, + { + "name": "https://launchpad.net/bugs/cve/2009-1341", + "refsource": "MISC", + "url": "https://launchpad.net/bugs/cve/2009-1341" + }, + { + "name": "34909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34909" + }, + { + "name": "RHSA-2009:0479", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "oval:org.mitre.oval:def:9680", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680" + }, + { + "name": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes" + }, + { + "name": "DSA-1780", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1780" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "35058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35058" + }, + { + "name": "http://rt.cpan.org/Public/Bug/Display.html?id=21392", + "refsource": "CONFIRM", + "url": 
"http://rt.cpan.org/Public/Bug/Display.html?id=21392" + }, + { + "name": "libdbdpgperl-dequotebytea-dos(50387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50387" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1499.json b/2009/1xxx/CVE-2009-1499.json index c6d0c78fd4a..a5e7d998b07 100644 --- a/2009/1xxx/CVE-2009-1499.json +++ b/2009/1xxx/CVE-2009-1499.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8366", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8366" - }, - { - "name" : "34433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8366", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8366" + }, + { + "name": "34433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34433" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1961.json b/2009/1xxx/CVE-2009-1961.json index 746d95945fd..b069fd03e6b 100644 --- a/2009/1xxx/CVE-2009-1961.json +++ b/2009/1xxx/CVE-2009-1961.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090529 CVE request: kernel: splice local denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/29/2" - }, - { - "name" : "[oss-security] 20090530 Re: CVE request: kernel: splice local denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/30/1" - }, - { - "name" : "[oss-security] 20090602 Re: CVE request: kernel: splice local denial of service", - "refsource" : 
"MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/06/02/2" - }, - { - "name" : "[oss-security] 20090603 Re: CVE request: kernel: splice local denial of service", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/06/03/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17" - }, - { - "name" : "DSA-1844", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1844" - }, - { - "name" : "MDVSA-2009:135", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135" - }, - { - "name" : "MDVSA-2009:148", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148" - }, - { - "name" : "RHSA-2009:1157", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1157.html" - }, - { - "name" : "SUSE-SA:2009:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" - }, - { - "name" : "SUSE-SA:2009:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html" - }, - { - "name" : "USN-793-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-793-1" - }, - { - "name" : "35143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35143" - }, - { - "name" : "1022307", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022307" - }, - { - "name" : "35390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35390" - }, - { - 
"name" : "35394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35394" - }, - { - "name" : "36051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36051" - }, - { - "name" : "35847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35847" - }, - { - "name" : "35656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35390" + }, + { + "name": "MDVSA-2009:135", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135" + }, + { + "name": "MDVSA-2009:148", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148" + }, + { + "name": "35656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35656" + }, + { + "name": "DSA-1844", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1844" + }, + { + "name": "1022307", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022307" + }, + { + "name": "[oss-security] 20090602 Re: CVE request: kernel: splice local denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/06/02/2" + }, + { + "name": "RHSA-2009:1157", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html" + }, + { + "name": "SUSE-SA:2009:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" + }, + { + "name": "36051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36051" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17" + }, + { + "name": "SUSE-SA:2009:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" + }, + { + "name": "USN-793-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-793-1" + 
}, + { + "name": "[oss-security] 20090530 Re: CVE request: kernel: splice local denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/30/1" + }, + { + "name": "35143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35143" + }, + { + "name": "[oss-security] 20090603 Re: CVE request: kernel: splice local denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/06/03/1" + }, + { + "name": "[oss-security] 20090529 CVE request: kernel: splice local denial of service", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/29/2" + }, + { + "name": "SUSE-SA:2009:038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html" + }, + { + "name": "35394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35394" + }, + { + "name": "35847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35847" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2453.json b/2012/2xxx/CVE-2012-2453.json index 0b3f8fe1e8a..de9e65bc67d 100644 --- a/2012/2xxx/CVE-2012-2453.json +++ b/2012/2xxx/CVE-2012-2453.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2453", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2453", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2588.json b/2012/2xxx/CVE-2012-2588.json index 9dee7c944c5..1e7400c0aa3 100644 --- a/2012/2xxx/CVE-2012-2588.json +++ b/2012/2xxx/CVE-2012-2588.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20351", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20351" - }, - { - "name" : "54900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54900" - }, - { - "name" : "84589", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84589" - }, - { - "name" : "50205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50205" - }, - { - "name" : "mailenable-multiple-fields-xss(77547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mailenable-multiple-fields-xss(77547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77547" + }, + { + "name": "54900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54900" + }, + { + "name": "84589", + "refsource": "OSVDB", + "url": "http://osvdb.org/84589" + }, + { + "name": "50205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50205" + }, + { + "name": "20351", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20351" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2597.json b/2012/2xxx/CVE-2012-2597.json index cd806b96ad2..e0104a6a152 100644 --- a/2012/2xxx/CVE-2012-2597.json +++ b/2012/2xxx/CVE-2012-2597.json 
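Review bot: `ASSIGNER` changes from `cve@mitre.org` to `cert@cert.org` in this hunk, a provenance change inside what otherwise reads as a whitespace and reference-order rewrite. The hunks for CVE-2012-2597 (`cert@cert.org`), CVE-2012-3391 (`secalert@redhat.com`), CVE-2012-3593 and CVE-2012-3699 (`product-security@apple.com`) do the same, while the CVE-2009 records and the RESERVED entries keep `cve@mitre.org`. Consumers that attribute or filter records by assigner will get different results after this commit. The reassignment is worth stating in the commit message, or splitting into its own commit, so it can be audited separately from the formatting.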
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read 
arbitrary files via a crafted parameter in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3043.json b/2012/3xxx/CVE-2012-3043.json index f7d6e864253..9238ad2f77c 100644 --- a/2012/3xxx/CVE-2012-3043.json +++ b/2012/3xxx/CVE-2012-3043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2012/3xxx/CVE-2012-3391.json b/2012/3xxx/CVE-2012-3391.json index 40cffe0ffcd..e1856c52e38 100644 --- a/2012/3xxx/CVE-2012-3391.json +++ b/2012/3xxx/CVE-2012-3391.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120717 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/07/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199" - }, - { - "name" : "54481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54481" - }, - { - "name" : "49890", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/49890" - }, - { - "name" : "moodle-rss-feeds-info-disc(76957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "moodle-rss-feeds-info-disc(76957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76957" + }, + { + "name": "49890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49890" + }, + { + "name": "[oss-security] 20120717 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/07/17/1" + }, + { + "name": "54481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54481" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3593.json b/2012/3xxx/CVE-2012-3593.json index da9d8e4dd5d..47db10772c7 100644 --- a/2012/3xxx/CVE-2012-3593.json +++ b/2012/3xxx/CVE-2012-3593.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3699.json b/2012/3xxx/CVE-2012-3699.json index 4a31d3b5d34..3db06d19b0a 100644 --- a/2012/3xxx/CVE-2012-3699.json +++ b/2012/3xxx/CVE-2012-3699.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85381", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85381" - }, - { - "name" : "oval:org.mitre.oval:def:17288", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17288" - }, - { - "name" : "apple-itunes-webkit-cve20123699(78560)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "oval:org.mitre.oval:def:17288", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17288" + }, + { + "name": "85381", + "refsource": "OSVDB", + "url": "http://osvdb.org/85381" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "apple-itunes-webkit-cve20123699(78560)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78560" + }, + { + "name": "55534", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3992.json b/2012/3xxx/CVE-2012-3992.json index 7b68c9641de..3cd5e8cf837 100644 --- a/2012/3xxx/CVE-2012-3992.json +++ b/2012/3xxx/CVE-2012-3992.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-84.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-84.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775009", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775009" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : 
"RHSA-2012:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "56128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56128" - }, - { - "name" : "oval:org.mitre.oval:def:16987", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16987" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-84.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-84.html" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "oval:org.mitre.oval:def:16987", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16987" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "56128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56128" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775009", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775009" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-1611-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4010.json b/2012/4xxx/CVE-2012-4010.json index 61139ebce02..6f4dab5f4d7 100644 --- a/2012/4xxx/CVE-2012-4010.json +++ b/2012/4xxx/CVE-2012-4010.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/windows/1160/", - "refsource" : "MISC", - "url" : "http://www.opera.com/docs/changelogs/windows/1160/" - }, - { - "name" : "JVN#69880570", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN69880570/index.html" - }, - { - "name" : "JVNDB-2012-000080", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000080", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000080" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1160/", + "refsource": "MISC", + "url": "http://www.opera.com/docs/changelogs/windows/1160/" + }, + { + "name": "JVN#69880570", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN69880570/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4313.json b/2012/4xxx/CVE-2012-4313.json index c3c52ba62a1..423a49a3537 100644 --- a/2012/4xxx/CVE-2012-4313.json +++ b/2012/4xxx/CVE-2012-4313.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4313", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4313", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4318.json b/2012/4xxx/CVE-2012-4318.json index d1d29194bbe..7152589e156 100644 --- a/2012/4xxx/CVE-2012-4318.json 
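Review bot: The one value that changes in the CVE-2012-4010 record, `"ASSIGNER": "vultures@jpcert.or.jp"` (previously `cve@mitre.org`), is buried in a rewrite of all 72 lines: the hunk also changes the key separator from `" : "` to `": "`, reorders the three otherwise unchanged `reference_data` entries, and drops the final newline (`\ No newline at end of file`). ASSIGNER names the party that assigned the ID, so a reviewer or a consumer that attributes or filters records by assigner can easily miss the reassignment in a diff of this shape. Landing the re-serialization as its own change, with `reference_data` kept in its previous order and the file ending in a newline, would leave the ASSIGNER line as the only thing to audit here. The same applies to the hunks for CVE-2012-3593 and CVE-2012-3699 (`product-security@apple.com`), CVE-2012-6097 (`secalert@redhat.com`) and CVE-2012-6271 (`cert@cert.org`).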
+++ b/2012/4xxx/CVE-2012-4318.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4318", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4318", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6097.json b/2012/6xxx/CVE-2012-6097.json index b61cf3fc905..85683fad68d 100644 --- a/2012/6xxx/CVE-2012-6097.json +++ b/2012/6xxx/CVE-2012-6097.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=893661", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=893661" - }, - { - "name" : "https://bugs.mageia.org/show_bug.cgi?id=8652", - "refsource" : "CONFIRM", - "url" : "https://bugs.mageia.org/show_bug.cgi?id=8652" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=786096", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=786096" - }, - { - "name" : "MDVSA-2013:033", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=786096", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=786096" + }, + { + "name": "MDVSA-2013:033", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:033" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=893661", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893661" + }, + { + "name": "https://bugs.mageia.org/show_bug.cgi?id=8652", + "refsource": "CONFIRM", + "url": "https://bugs.mageia.org/show_bug.cgi?id=8652" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6271.json b/2012/6xxx/CVE-2012-6271.json index c9ac5612366..42812f72310 100644 --- a/2012/6xxx/CVE-2012-6271.json +++ b/2012/6xxx/CVE-2012-6271.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-6271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#519137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/519137" - }, - { - "name" : "VU#323161", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/323161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#519137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/519137" + }, + { + "name": "VU#323161", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/323161" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2095.json b/2017/2xxx/CVE-2017-2095.json index 4ef3642b85a..d1e7fd9a013 100644 --- a/2017/2xxx/CVE-2017-2095.json +++ b/2017/2xxx/CVE-2017-2095.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Garoon", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 to 4.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to restrict access" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 4.2.3" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9660", - "refsource" : "MISC", - "url" : "https://support.cybozu.com/ja-jp/article/9660" - }, - { - "name" : "JVN#73182875", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN73182875/index.html" - }, - { - "name" : "96429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.cybozu.com/ja-jp/article/9660", + "refsource": "MISC", + "url": "https://support.cybozu.com/ja-jp/article/9660" + }, + { + "name": "JVN#73182875", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN73182875/index.html" + }, + { + "name": "96429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96429" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6049.json b/2017/6xxx/CVE-2017-6049.json index eef32f97631..6fcf1562dad 100644 --- a/2017/6xxx/CVE-2017-6049.json +++ b/2017/6xxx/CVE-2017-6049.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6049", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6049", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6183.json b/2017/6xxx/CVE-2017-6183.json index 7a20c197b6f..10cec45b84c 100644 --- a/2017/6xxx/CVE-2017-6183.json +++ b/2017/6xxx/CVE-2017-6183.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html", - "refsource" : "CONFIRM", - "url" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html" - }, - { - "name" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2", - "refsource" : "CONFIRM", - "url" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2" - }, - { - "name" : "97261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Sophos Web Appliance (SWA) 
before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html", + "refsource": "CONFIRM", + "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html" + }, + { + "name": "97261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97261" + }, + { + "name": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2", + "refsource": "CONFIRM", + "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6828.json b/2017/6xxx/CVE-2017-6828.json index ef86168a58f..83f11ede417 100644 --- a/2017/6xxx/CVE-2017-6828.json +++ b/2017/6xxx/CVE-2017-6828.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/" - }, - { - "name" : "DSA-3814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3814" - }, - { - "name" : "97183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the readValue function in FileHandle.cpp in 
audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp/" + }, + { + "name": "97183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97183" + }, + { + "name": "DSA-3814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3814" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11223.json b/2018/11xxx/CVE-2018-11223.json index 7cf44253b89..73b8bc5db13 100644 --- a/2018/11xxx/CVE-2018-11223.json +++ b/2018/11xxx/CVE-2018-11223.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted \"refr\" parameter in a \"/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=\" call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.hackercat.ninja/post/pandoras_box/", - "refsource" : "MISC", - "url" : "https://blog.hackercat.ninja/post/pandoras_box/" - }, - { - "name" : "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf", - "refsource" : "CONFIRM", - "url" : "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted \"refr\" parameter in a 
\"/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=\" call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf", + "refsource": "CONFIRM", + "url": "https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf" + }, + { + "name": "https://blog.hackercat.ninja/post/pandoras_box/", + "refsource": "MISC", + "url": "https://blog.hackercat.ninja/post/pandoras_box/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11729.json b/2018/11xxx/CVE-2018-11729.json index 7667e519815..6a55db59094 100644 --- a/2018/11xxx/CVE-2018-11729.json +++ b/2018/11xxx/CVE-2018-11729.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180608 libfsntfs 20180420 vulns", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jun/17" - }, - { - "name" : "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The libfsntfs_mft_entry_read_header function in 
libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html" + }, + { + "name": "20180608 libfsntfs 20180420 vulns", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jun/17" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11931.json b/2018/11xxx/CVE-2018-11931.json index 4825874d3c6..74c917dba60 100644 --- a/2018/11xxx/CVE-2018-11931.json +++ b/2018/11xxx/CVE-2018-11931.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", + "version": { + "version_data": [ + { + "version_value": "MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106845" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11941.json b/2018/11xxx/CVE-2018-11941.json index 01ea275f7f3..2c0ac165c10 100644 --- a/2018/11xxx/CVE-2018-11941.json +++ b/2018/11xxx/CVE-2018-11941.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11941", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11941", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14124.json b/2018/14xxx/CVE-2018-14124.json index 2b16340dce8..392ad4e4472 100644 --- a/2018/14xxx/CVE-2018-14124.json +++ b/2018/14xxx/CVE-2018-14124.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14695.json b/2018/14xxx/CVE-2018-14695.json index 0f94cefbae8..0cc31b2d1cc 100644 --- a/2018/14xxx/CVE-2018-14695.json +++ b/2018/14xxx/CVE-2018-14695.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the \"name\" URL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the \"name\" URL parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14823.json b/2018/14xxx/CVE-2018-14823.json index 1416e3f08dc..d16349fe63c 100644 --- a/2018/14xxx/CVE-2018-14823.json +++ b/2018/14xxx/CVE-2018-14823.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-14823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "V-Server", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.3.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Fuji Electric" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-14823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "V-Server", + "version": { + "version_data": [ + { + "version_value": "4.0.3.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Electric" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01" - }, - { - "name" : "105341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01" + }, + { + "name": "105341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105341" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14926.json b/2018/14xxx/CVE-2018-14926.json index cbbbb7c58d4..ccda46c62c1 100644 --- a/2018/14xxx/CVE-2018-14926.json +++ b/2018/14xxx/CVE-2018-14926.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9", - "refsource" : "MISC", - "url" : "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9", + "refsource": "MISC", + "url": "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15647.json b/2018/15xxx/CVE-2018-15647.json index 7eb6684f682..af0f11f2742 100644 --- a/2018/15xxx/CVE-2018-15647.json +++ b/2018/15xxx/CVE-2018-15647.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15647", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15647", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15658.json b/2018/15xxx/CVE-2018-15658.json index 0029afd7b28..ed4d28f18d2 100644 --- a/2018/15xxx/CVE-2018-15658.json +++ b/2018/15xxx/CVE-2018-15658.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/", - "refsource" : "MISC", - "url" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in 42Gears SureMDM before 2018-11-27. 
By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/", + "refsource": "MISC", + "url": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15710.json b/2018/15xxx/CVE-2018-15710.json index b834ef554c6..cf4c8c3137b 100644 --- a/2018/15xxx/CVE-2018-15710.json +++ b/2018/15xxx/CVE-2018-15710.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-11-13T00:00:00", - "ID" : "CVE-2018-15710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nagios XI", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.6" - } - ] - } - } - ] - }, - "vendor_name" : "Nagios" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-11-13T00:00:00", + "ID": "CVE-2018-15710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nagios XI", + "version": { + "version_data": [ + { + "version_value": "5.5.6" + } + ] + } + } + ] + }, + "vendor_name": "Nagios" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46221", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46221/" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2018-37", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-37" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46221", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46221/" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-37", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-37" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15955.json b/2018/15xxx/CVE-2018-15955.json index 5cfb37dfb87..b7c88352c04 100644 --- a/2018/15xxx/CVE-2018-15955.json +++ b/2018/15xxx/CVE-2018-15955.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105432" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105432" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20059.json b/2018/20xxx/CVE-2018-20059.json index 05ea9109e6e..fd00eeed4a7 100644 --- a/2018/20xxx/CVE-2018-20059.json +++ b/2018/20xxx/CVE-2018-20059.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20059",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20059",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/pippo-java/pippo/issues/486",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/pippo-java/pippo/issues/486"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/pippo-java/pippo/issues/486",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/pippo-java/pippo/issues/486"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20345.json b/2018/20xxx/CVE-2018-20345.json
index 351ced703e9..0b5b9749324 100644
--- a/2018/20xxx/CVE-2018-20345.json
+++ b/2018/20xxx/CVE-2018-20345.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20345",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys \"?scope=all\" and \"?user=\" query filter parameters. Enterprise editions with RBAC enabled are not affected."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20345",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://stackstorm.com/2018/12/20/stackstorm-v2-9-2-and-v2-10-1-a-security-release/",
- "refsource" : "MISC",
- "url" : "https://stackstorm.com/2018/12/20/stackstorm-v2-9-2-and-v2-10-1-a-security-release/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys \"?scope=all\" and \"?user=\" query filter parameters. Enterprise editions with RBAC enabled are not affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://stackstorm.com/2018/12/20/stackstorm-v2-9-2-and-v2-10-1-a-security-release/",
+ "refsource": "MISC",
+ "url": "https://stackstorm.com/2018/12/20/stackstorm-v2-9-2-and-v2-10-1-a-security-release/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20597.json b/2018/20xxx/CVE-2018-20597.json
index 8bde9495833..88b83c7b5ad 100644
--- a/2018/20xxx/CVE-2018-20597.json
+++ b/2018/20xxx/CVE-2018-20597.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20597",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20597",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#xss1",
- "refsource" : "MISC",
- "url" : "https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#xss1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#xss1",
+ "refsource": "MISC",
+ "url": "https://github.com/AvaterXXX/CVEs/blob/master/ucms.md#xss1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20706.json b/2018/20xxx/CVE-2018-20706.json
index a5f2a922896..17c007a53e7 100644
--- a/2018/20xxx/CVE-2018-20706.json
+++ b/2018/20xxx/CVE-2018-20706.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20706",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20706",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8987.json b/2018/8xxx/CVE-2018-8987.json
index b3d9fec8fee..badb381a28a 100644
--- a/2018/8xxx/CVE-2018-8987.json
+++ b/2018/8xxx/CVE-2018-8987.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8987",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8987",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file