diff --git a/2002/0xxx/CVE-2002-0092.json b/2002/0xxx/CVE-2002-0092.json
index 1d1580f1ff0..65c2047c0cb 100644
--- a/2002/0xxx/CVE-2002-0092.json
+++ b/2002/0xxx/CVE-2002-0092.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020220 Help needed with bufferoverflow in cvs", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=101422243817321&w=2" - }, - { - "name" : "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=101433077724524&w=2" - }, - { - "name" : "DSA-117", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-117" - }, - { - "name" : "RHSA-2002:026", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-026.html" - }, - { - "name" : "4234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4234" - }, - { - "name" : "cvs-global-var-dos(8366)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/8366.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4234" + }, + { + "name": "20020220 Help needed with bufferoverflow in cvs", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=101422243817321&w=2" + }, + { + "name": "20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=101433077724524&w=2" + }, + { + "name": "RHSA-2002:026", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html" + }, + { + "name": "cvs-global-var-dos(8366)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8366.php" + }, + { + "name": "DSA-117", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-117" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0809.json b/2002/0xxx/CVE-2002-0809.json index c562281c1a9..c91db0a6fd9 100644 --- a/2002/0xxx/CVE-2002-0809.json +++ b/2002/0xxx/CVE-2002-0809.json 
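Review bot: The `reference_data` array is reordered with no visible sort key (BID `4234` moves to the front, `DSA-117` to the end), so a change that is otherwise whitespace-only (`"key" : value` to `"key": value` plus re-indentation) can no longer be confirmed with a whitespace-insensitive diff. If the order carries no meaning, emitting references in a stable order, for example sorted by `refsource` then `name`, would keep bulk updates reviewable and make a dropped or altered reference stand out. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids another full-file rewrite later. The same pattern appears in the other CVE files in this diff.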
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=148674", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=148674" - }, - { - "name" : "RHSA-2002:109", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-109.html" - }, - { - "name" : "4964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4964" - }, 
- { - "name" : "bugzilla-group-permissions-removal(10141)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10141.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4964" + }, + { + "name": "20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=148674", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=148674" + }, + { + "name": "bugzilla-group-permissions-removal(10141)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10141.php" + }, + { + "name": "RHSA-2002:109", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-109.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2188.json b/2002/2xxx/CVE-2002-2188.json index a3837142a7e..d90fae2d600 100644 --- a/2002/2xxx/CVE-2002-2188.json +++ b/2002/2xxx/CVE-2002-2188.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openbsd.org/errata31.html#kernresource", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata31.html#kernresource" - }, - { - "name" : "http://www.openbsd.org/errata30.html#kernresource", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata30.html#kernresource" - }, - { - "name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch" - }, - { - "name" : "openbsd-getrlimit-dos(10572)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10572.php" - }, - { - "name" : "6124", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/6124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openbsd.org/errata31.html#kernresource", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata31.html#kernresource" + }, + { + "name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch" + }, + { + "name": "6124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6124" + }, + { + "name": "http://www.openbsd.org/errata30.html#kernresource", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata30.html#kernresource" + }, + { + "name": "openbsd-getrlimit-dos(10572)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10572.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0453.json b/2005/0xxx/CVE-2005-0453.json index 419ddb59fa9..903359a00a8 100644 --- a/2005/0xxx/CVE-2005-0453.json +++ b/2005/0xxx/CVE-2005-0453.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://article.gmane.org/gmane.comp.web.lighttpd/1171", - "refsource" : "CONFIRM", - "url" : "http://article.gmane.org/gmane.comp.web.lighttpd/1171" - }, - { - "name" : "GLSA-200502-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200502-21.xml" - }, - { - "name" : "14297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows 
remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200502-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200502-21.xml" + }, + { + "name": "14297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14297" + }, + { + "name": "http://article.gmane.org/gmane.comp.web.lighttpd/1171", + "refsource": "CONFIRM", + "url": "http://article.gmane.org/gmane.comp.web.lighttpd/1171" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0654.json b/2005/0xxx/CVE-2005-0654.json index 86a1903a849..c9543e3e79d 100644 --- a/2005/0xxx/CVE-2005-0654.json +++ b/2005/0xxx/CVE-2005-0654.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050304 GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110995346018830&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050304 GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110995346018830&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1085.json b/2005/1xxx/CVE-2005-1085.json index 33c3202fc51..2369f622764 100644 --- a/2005/1xxx/CVE-2005-1085.json +++ b/2005/1xxx/CVE-2005-1085.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14913" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1387.json b/2005/1xxx/CVE-2005-1387.json
index 3e466389c12..063777fcf17 100644
--- a/2005/1xxx/CVE-2005-1387.json
+++ b/2005/1xxx/CVE-2005-1387.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050429 Mac OS X Cocktail 3.5.4 admin password disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111480898530362&w=2" - }, - { - "name" : "13449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13449" - }, - { - "name" : "16046", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16046" - }, - { - "name" : "15201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the 
command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13449" + }, + { + "name": "20050429 Mac OS X Cocktail 3.5.4 admin password disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111480898530362&w=2" + }, + { + "name": "16046", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16046" + }, + { + "name": "15201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15201" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1520.json b/2005/1xxx/CVE-2005-1520.json index 1688c5a59a2..8a017e970bf 100644 --- a/2005/1xxx/CVE-2005-1520.json +++ b/2005/1xxx/CVE-2005-1520.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=249&type=vulnerabilities" - }, - { - "name" : "DSA-732", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-732" - }, - { - "name" : "13766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13766" - }, - { - "name" : "1014052", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014052" - }, - { - "name" : "15442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014052", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014052" + }, + { + "name": "13766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13766" + }, + { + "name": "15442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15442" + }, + { + "name": "DSA-732", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-732" + }, + { + "name": "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=249&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1767.json b/2005/1xxx/CVE-2005-1767.json index 28369f81576..4f4d35e1286 100644 --- a/2005/1xxx/CVE-2005-1767.json +++ b/2005/1xxx/CVE-2005-1767.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e" - }, - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "DSA-921", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-921" - }, - { - "name" : "MDKSA-2006:044", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044" - }, - { - "name" : "RHSA-2005:663", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2005-663.html" - }, - { - "name" : "SUSE-SA:2005:044", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_44_kernel.html" - }, - { - "name" : "USN-187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-187-1" - }, - { - "name" : "14467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14467" - }, - { - "name" : "oval:org.mitre.oval:def:11101", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11101" - }, - { - "name" : "ADV-2005-1878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1878" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "18059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18059" - }, - { - "name" : "18977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18977" - }, - { - "name" : "17002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "USN-187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-187-1" + }, + { + "name": "18977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18977" + }, + { + "name": "18059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18059" + }, + { + "name": "MDKSA-2006:044", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "14467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14467" + }, + { + "name": "DSA-921", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-921" + }, + { + "name": "17002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17002" + }, + { + "name": "SUSE-SA:2005:044", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_44_kernel.html" + }, + { + "name": "RHSA-2005:663", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html" + }, + { + "name": "ADV-2005-1878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1878" + }, + { + "name": "oval:org.mitre.oval:def:11101", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11101" + }, + { + "name": "http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e", + "refsource": "CONFIRM", + "url": 
"http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=51e31546a2fc46cb978da2ee0330a6a68f07541e" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0268.json b/2009/0xxx/CVE-2009-0268.json index 6bc4136383d..1a4687e7126 100644 --- a/2009/0xxx/CVE-2009-0268.json +++ b/2009/0xxx/CVE-2009-0268.json 
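Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in `CVE_data_meta` for CVE-2005-1767, the only value change in a hunk that is otherwise formatting and reference reordering. The assigner is provenance data that downstream consumers may use to attribute or filter records. This presumably intentional reassignment deserves its own commit, or at least a line in the commit message, rather than being carried inside a bulk reformat. No other record visible in this diff changes its assigner.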
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of \"properly sequenced code\" in ptc and ptsl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113685-07-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113685-07-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-034.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-034.htm" - }, - { - "name" : "249586", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-249586-1" - }, - { - "name" : "33406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33406" - }, - { - "name" : "oval:org.mitre.oval:def:6061", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6061" - }, - { - "name" : "1021640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021640" - }, - { - "name" : "33708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33708" - }, - { - "name" : "solaris-pseudo-terminal-dos(48179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of \"properly sequenced code\" in ptc and ptsl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-034.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-034.htm" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113685-07-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113685-07-1" + }, + { + "name": "33406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33406" + }, + { + "name": "1021640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021640" + }, + { + "name": "oval:org.mitre.oval:def:6061", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6061" + }, + { + "name": "solaris-pseudo-terminal-dos(48179)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/48179" + }, + { + "name": "249586", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-249586-1" + }, + { + "name": "33708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33708" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0571.json b/2009/0xxx/CVE-2009-0571.json index b55b8df49d0..58d4cf64cef 100644 --- a/2009/0xxx/CVE-2009-0571.json +++ b/2009/0xxx/CVE-2009-0571.json 
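Review bot: The new side of the CVE-2009-0268.json hunk ends with `\ No newline at end of file`, while the removed `}` carries no such marker, so the rewrite appears to drop the trailing newline the old file had; keeping the final newline avoids that marker showing up again on every later edit to the record. The `reference_data` entries are also reordered in the same change as the `"key" :` to `"key":` spacing normalisation, and the new order follows no sort key I can see, which makes it hard to confirm from the diff alone that no advisory reference was dropped or altered. Leaving the entries in their existing order, or emitting them in a stable order such as by `refsource` then `name`, would keep a formatting-only commit reviewable. The same two points apply to the hunks for CVE-2009-0571, CVE-2009-0845, CVE-2009-1102 and CVE-2009-1345, and the newline point also to CVE-2009-1398.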
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8001", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8001" - }, - { - "name" : "33682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33682" + }, + { + "name": "8001", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8001" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0845.json b/2009/0xxx/CVE-2009-0845.json index 5a354751969..44367d3670f 100644 --- a/2009/0xxx/CVE-2009-0845.json +++ b/2009/0xxx/CVE-2009-0845.json 
@@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502526/100/0/threaded" - }, - { - "name" : "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502546/100/0/threaded" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058", - "refsource" : "MISC", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058" - }, - 
{ - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html", - "refsource" : "MISC", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html", - "refsource" : "MISC", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html" - }, - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402" - }, - { - "name" : "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084", - "refsource" : "CONFIRM", - "url" : "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084" - }, - { - "name" : "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084", - "refsource" : "CONFIRM", - "url" : "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0058", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0058" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21396120", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21396120" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - 
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "FEDORA-2009-2834", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html" - }, - { - "name" : "FEDORA-2009-2852", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html" - }, - { - "name" : "GLSA-200904-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-09.xml" - }, - { - "name" : "MDVSA-2009:082", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:082" - }, - { - "name" : "RHSA-2009:0408", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0408.html" - }, - { - "name" : "256728", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1" - }, - { - "name" : "USN-755-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-755-1" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "VU#662091", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/662091" - }, - { - "name" : "34257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34257" - }, - { - "name" : "oval:org.mitre.oval:def:10044", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044" - }, - { - "name" : "oval:org.mitre.oval:def:6449", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449" - }, - { - "name" : "1021867", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021867" - }, - { - "name" : "34347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34347" - }, - { - "name" : "34640", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34640" - }, - { - "name" : "34594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34594" - }, - { - "name" : "34617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34617" - }, - { - "name" : "34622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34622" - }, - { - "name" : "34630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34630" - }, - { - "name" : "34637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34637" - }, - { - "name" : "34628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34628" - }, - { - "name" : "34734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34734" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-0847", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0847" - }, - { - "name" : "ADV-2009-0976", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0976" - }, - { - "name" : "ADV-2009-1106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1106" - }, - { - "name" : "ADV-2009-1057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1057" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ADV-2009-2248", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2248" - }, - { - "name" : "kerberos-spnego-dos(49448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The spnego_gss_accept_sec_context 
function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html", + "refsource": "MISC", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html" + }, + { + "name": "20090407 MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502526/100/0/threaded" + }, + { + "name": "VU#662091", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/662091" + }, + { + "name": "34257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34257" + }, + { + "name": "ADV-2009-0847", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0847" + }, + { + "name": "34347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34347" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm" + }, + { + "name": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084", + "refsource": "CONFIRM", + "url": "http://src.mit.edu/fisheye/browse/krb5/trunk/src/lib/gssapi/spnego/spnego_mech.c?r1=21875&r2=22084" + }, + { + "name": "RHSA-2009:0408", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2009-0408.html" + }, + { + "name": "34637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34637" + }, + { + "name": "34640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34640" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "MDVSA-2009:082", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:082" + }, + { + "name": "256728", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1" + }, + { + "name": "GLSA-200904-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-09.xml" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html", + "refsource": "MISC", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html" + }, + { + "name": "ADV-2009-0976", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0976" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "USN-755-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-755-1" + }, + { + "name": "34630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34630" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120" + }, + { + "name": "ADV-2009-1057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1057" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt" + }, + { + "name": "34617", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/34617" + }, + { + "name": "34628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34628" + }, + { + "name": "34734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34734" + }, + { + "name": "kerberos-spnego-dos(49448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49448" + }, + { + "name": "oval:org.mitre.oval:def:6449", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6449" + }, + { + "name": "ADV-2009-2248", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2248" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058", + "refsource": "MISC", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "34622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34622" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6402" + }, + { + "name": "FEDORA-2009-2852", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html" + }, + { + "name": "1021867", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021867" + }, + { + "name": "FEDORA-2009-2834", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0058", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058" + }, + { + "name": 
"oval:org.mitre.oval:def:10044", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10044" + }, + { + "name": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084", + "refsource": "CONFIRM", + "url": "http://src.mit.edu/fisheye/changelog/krb5/?cs=22084" + }, + { + "name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded" + }, + { + "name": "34594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34594" + }, + { + "name": "ADV-2009-1106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1106" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1102.json b/2009/1xxx/CVE-2009-1102.json index f3a90c1c79b..59d666d48f3 100644 --- a/2009/1xxx/CVE-2009-1102.json +++ b/2009/1xxx/CVE-2009-1102.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" 
: "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMA02429", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "SSRT090058", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "HPSBUX02429", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2" - }, - { - "name" : "MDVSA-2009:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" - }, - { - "name" : "MDVSA-2009:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" - }, - { - "name" : "RHSA-2009:0392", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html" - }, - { - "name" : "RHSA-2009:0377", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html" - }, - { - "name" : "254610", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1" - }, - { - "name" : "SUSE-SA:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:029", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" - }, - { - "name" : "USN-748-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-748-1" - }, - { - "name" : "34240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34240" - }, - { - "name" : "oval:org.mitre.oval:def:10300", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300" - }, - { - "name" : "oval:org.mitre.oval:def:6722", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722" - }, - { - "name" : "1021919", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021919" - }, - { - "name" : "34489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34489" - }, - { - "name" : "34496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34496" - }, - { - "name" : "34632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34632" - }, - { - "name" : "35223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35223" - }, - { - "name" : "35255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35255" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1426" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6722", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722" + }, + { + "name": 
"MDVSA-2009:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" + }, + { + "name": "34632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34632" + }, + { + "name": "SSRT090058", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "SUSE-SA:2009:029", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "34489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34489" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02429", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2" + }, + { + "name": "254610", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1" + }, + { + "name": "RHSA-2009:0377", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html" + }, + { + "name": "35255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35255" + }, + { + "name": "ADV-2009-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1426" + }, + { + "name": "1021919", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021919" + }, + { + "name": "MDVSA-2009:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address 
multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "RHSA-2009:0392", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html" + }, + { + "name": "oval:org.mitre.oval:def:10300", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300" + }, + { + "name": "35223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35223" + }, + { + "name": "34240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34240" + }, + { + "name": "34496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34496" + }, + { + "name": "HPSBMA02429", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "USN-748-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-748-1" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "SUSE-SA:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1345.json b/2009/1xxx/CVE-2009-1345.json index 0af91a094e2..584ae084040 100644 --- a/2009/1xxx/CVE-2009-1345.json +++ b/2009/1xxx/CVE-2009-1345.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8455", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8455" - }, - { - "name" : "34556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34556" - }, - { - "name" : "1022082", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022082" - }, - { - "name" : "cpcommerce-document-sql-injection(49901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the 
id_document parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022082", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022082" + }, + { + "name": "8455", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8455" + }, + { + "name": "34556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34556" + }, + { + "name": "cpcommerce-document-sql-injection(49901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49901" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1398.json b/2009/1xxx/CVE-2009-1398.json index cd9a328926f..b6cdde9d745 100644 --- a/2009/1xxx/CVE-2009-1398.json +++ b/2009/1xxx/CVE-2009-1398.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1398", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1398", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1649.json b/2009/1xxx/CVE-2009-1649.json
index a4890748b23..cbf4a2874ae 100644
--- a/2009/1xxx/CVE-2009-1649.json
+++ b/2009/1xxx/CVE-2009-1649.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8680", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8680" - }, - { - "name" : "34968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34968" - }, - { - "name" : "35059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34968" + }, + { + "name": "8680", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8680" + }, + { + "name": "35059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35059" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1734.json b/2009/1xxx/CVE-2009-1734.json index 32a986147d2..07d902380aa 100644 --- a/2009/1xxx/CVE-2009-1734.json +++ b/2009/1xxx/CVE-2009-1734.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8737", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8737" - }, - { - "name" : "35033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35033" - }, - { - "name" : "54598", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54598" - }, - { - "name" : "35149", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8737", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8737" + }, + { + "name": "54598", + "refsource": "OSVDB", + "url": "http://osvdb.org/54598" + }, + { + "name": "35149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35149" + }, + { + "name": "35033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35033" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1907.json b/2009/1xxx/CVE-2009-1907.json index a7cbc7ef150..c1b84643352 100644 --- a/2009/1xxx/CVE-2009-1907.json +++ b/2009/1xxx/CVE-2009-1907.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090508 Claroline v.1.8.11 Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503365/100/0/threaded" - }, - { - "name" : "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html" - }, - { - "name" : "http://forum.claroline.net/viewtopic.php?f=69&t=16193&p=42102#p42099", - "refsource" : "CONFIRM", - "url" : "http://forum.claroline.net/viewtopic.php?f=69&t=16193&p=42102#p42099" - }, - { - "name" : "34883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34883" - }, - { - "name" : "1022198", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1022198" - }, - { - "name" : "35019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35019" - }, - { - "name" : "claroline-notfound-xss(50404)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35019" + }, + { + "name": "claroline-notfound-xss(50404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50404" + }, + { + "name": "20090508 Claroline v.1.8.11 Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503365/100/0/threaded" + }, + { + "name": "1022198", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022198" + }, + { + "name": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html", + "refsource": "MISC", + "url": "http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html" + }, + { + "name": "http://forum.claroline.net/viewtopic.php?f=69&t=16193&p=42102#p42099", + "refsource": "CONFIRM", + "url": "http://forum.claroline.net/viewtopic.php?f=69&t=16193&p=42102#p42099" + }, + { + "name": "34883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34883" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/5xxx/CVE-2009-5020.json b/2009/5xxx/CVE-2009-5020.json
index 9ad5eb05d3d..7d98d4e75c8 100644
--- a/2009/5xxx/CVE-2009-5020.json
+++ b/2009/5xxx/CVE-2009-5020.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://awstats.sourceforge.net/docs/awstats_changelog.txt", + "refsource": "CONFIRM", + "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0665.json b/2012/0xxx/CVE-2012-0665.json index db2a2e87963..7e9783b824a 100644 --- a/2012/0xxx/CVE-2012-0665.json +++ b/2012/0xxx/CVE-2012-0665.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5261", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5261" - }, - { - "name" : "APPLE-SA-2012-05-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" - }, - { - "name" : "53576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53576" - }, - { - "name" : "oval:org.mitre.oval:def:15938", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15938" - }, - { - "name" : "1027065", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027065" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027065", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027065" + }, + { + "name": "oval:org.mitre.oval:def:15938", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15938" + }, + { + "name": "http://support.apple.com/kb/HT5261", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5261" + }, + { + "name": "53576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53576" + }, + { + "name": "APPLE-SA-2012-05-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2308.json b/2012/2xxx/CVE-2012-2308.json index 600f505a102..17163377e89 100644 --- a/2012/2xxx/CVE-2012-2308.json +++ b/2012/2xxx/CVE-2012-2308.json 
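Review bot: The `ASSIGNER` change in `CVE_data_meta` from `cve@mitre.org` to `product-security@apple.com` for CVE-2012-0665 is easy to miss, because the rest of this hunk only re-indents the record and reorders the `reference_data` entries. The hunks for CVE-2012-2308 (`secalert@redhat.com`), CVE-2012-2772 (`security@google.com`) and CVE-2012-2998 (`cert@cert.org`, which continues past this view) carry the same kind of change. Consumers may use this field to attribute or filter records, so I would move the assigner updates into their own commit, or at least name them in the commit message, so each can be checked against the assigning CNA's records. Keeping `reference_data` in its existing order, or sorting it by a stated key, would also leave the one meaningful line visible in the diff.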
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1" - }, - { - "name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2" - }, - { - "name" : "http://drupal.org/node/1557872", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1557872" - }, - { - "name" : "53345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53345" - }, - { - "name" : "drupal-taxonomygrid-unspecified-xss(75345)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/75345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2" + }, + { + "name": "drupal-taxonomygrid-unspecified-xss(75345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75345" + }, + { + "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1" + }, + { + "name": "53345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53345" + }, + { + "name": "http://drupal.org/node/1557872", + "refsource": "MISC", + "url": "http://drupal.org/node/1557872" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2407.json b/2012/2xxx/CVE-2012-2407.json index 1ce98656253..42fc087ab18 100644 --- a/2012/2xxx/CVE-2012-2407.json +++ b/2012/2xxx/CVE-2012-2407.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/09072012_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/09072012_player/en/" - }, - { - "name" : "realplayer-aac-data-bo(78384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 
allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "realplayer-aac-data-bo(78384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78384" + }, + { + "name": "http://service.real.com/realplayer/security/09072012_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/09072012_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2772.json b/2012/2xxx/CVE-2012-2772.json index 93fe8afe9da..ac134152e9c 100644 --- a/2012/2xxx/CVE-2012-2772.json +++ b/2012/2xxx/CVE-2012-2772.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing with frame threading.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cb7190cd2c691fd93e4d3664f3fce6c19ee001dd", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cb7190cd2c691fd93e4d3664f3fce6c19ee001dd" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.4.changelog" - }, - { - "name" : "MDVSA-2013:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - }, - { - "name" : "51257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing with frame threading.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cb7190cd2c691fd93e4d3664f3fce6c19ee001dd", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cb7190cd2c691fd93e4d3664f3fce6c19ee001dd" + }, + { + "name": "http://libav.org/releases/libav-0.8.4.changelog", + "refsource": 
"CONFIRM", + "url": "http://libav.org/releases/libav-0.8.4.changelog" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "MDVSA-2013:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "51257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51257" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2998.json b/2012/2xxx/CVE-2012-2998.json index b878f473ccb..cdb4c05cf38 100644 --- a/2012/2xxx/CVE-2012-2998.json +++ b/2012/2xxx/CVE-2012-2998.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/" - }, - { - "name" : "http://esupport.trendmicro.com/solution/en-us/1061043.aspx", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/solution/en-us/1061043.aspx" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt" - }, - { - "name" : 
"http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt" - }, - { - "name" : "VU#950795", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/950795" - }, - { - "name" : "JVN#42014489", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN42014489/index.html" - }, - { - "name" : "JVNDB-2012-000090", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090" - }, - { - "name" : "1027584", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/", + "refsource": "MISC", + "url": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/" + }, + { + "name": "JVNDB-2012-000090", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt" + }, + { + "name": "1027584", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027584" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt" + }, + { + "name": "VU#950795", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/950795" + }, + { + "name": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx" + }, + { + "name": "JVN#42014489", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN42014489/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3096.json b/2012/3xxx/CVE-2012-3096.json index 4de04542b94..a4d22dd672b 100644 --- a/2012/3xxx/CVE-2012-3096.json +++ b/2012/3xxx/CVE-2012-3096.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/release/notes/715cucrn.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/release/notes/715cucrn.html" - }, - { - "name" : "cisco-uc-dos(78915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the 
product, aka Bug ID CSCtd79132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-uc-dos(78915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78915" + }, + { + "name": "http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/release/notes/715cucrn.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/release/notes/715cucrn.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3786.json b/2012/3xxx/CVE-2012-3786.json index 50e3bcfe7bc..9f1b190fb27 100644 --- a/2012/3xxx/CVE-2012-3786.json +++ b/2012/3xxx/CVE-2012-3786.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3786", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3786", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3943.json b/2012/3xxx/CVE-2012-3943.json index 32f08f7e3fc..97a390de97c 100644 --- a/2012/3xxx/CVE-2012-3943.json 
+++ b/2012/3xxx/CVE-2012-3943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3943", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3943", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4303.json b/2012/4xxx/CVE-2012-4303.json index 950243835a8..6c06ef41842 100644 --- a/2012/4xxx/CVE-2012-4303.json +++ b/2012/4xxx/CVE-2012-4303.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content 
Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4516.json b/2012/4xxx/CVE-2012-4516.json index f52a513fd0a..525d432625a 100644 --- a/2012/4xxx/CVE-2012-4516.json +++ b/2012/4xxx/CVE-2012-4516.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121011 CVE Request -- librdmacm (one issue) / ibacm (two issues)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/11/6" - }, - { - "name" : "[oss-security] 20121011 Re: CVE Request -- librdmacm (one issue) / ibacm (two issues)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/11/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=865483", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=865483" - }, - { - "name" : "http://git.openfabrics.org/git?p=~shefty/librdmacm.git;a=commitdiff;h=4b5c1aa734e0e734fc2ba3cd41d0ddf02170af6d", - "refsource" : "CONFIRM", - "url" : 
"http://git.openfabrics.org/git?p=~shefty/librdmacm.git;a=commitdiff;h=4b5c1aa734e0e734fc2ba3cd41d0ddf02170af6d" - }, - { - "name" : "55896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=865483", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865483" + }, + { + "name": "[oss-security] 20121011 CVE Request -- librdmacm (one issue) / ibacm (two issues)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/11/6" + }, + { + "name": "http://git.openfabrics.org/git?p=~shefty/librdmacm.git;a=commitdiff;h=4b5c1aa734e0e734fc2ba3cd41d0ddf02170af6d", + "refsource": "CONFIRM", + "url": "http://git.openfabrics.org/git?p=~shefty/librdmacm.git;a=commitdiff;h=4b5c1aa734e0e734fc2ba3cd41d0ddf02170af6d" + }, + { + "name": "[oss-security] 20121011 Re: CVE Request -- librdmacm (one issue) / ibacm (two issues)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/11/9" + }, + { + "name": "55896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55896" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6161.json b/2012/6xxx/CVE-2012-6161.json index 0175e82ace7..601172a0e80 100644 --- a/2012/6xxx/CVE-2012-6161.json +++ b/2012/6xxx/CVE-2012-6161.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6161", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6161", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6339.json b/2012/6xxx/CVE-2012-6339.json index d048af5b343..9d6a61e59a2 100644 --- a/2012/6xxx/CVE-2012-6339.json +++ b/2012/6xxx/CVE-2012-6339.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server <= 5.0.5.1 [CVE-2012-6339]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html" - }, - { - "name" : "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html", - "refsource" : "MISC", - "url" : "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html" - }, - { - "name" : "http://www.cerberusftp.com/products/releasenotes.html", - "refsource" 
: "CONFIRM", - "url" : "http://www.cerberusftp.com/products/releasenotes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html", + "refsource": "MISC", + "url": "http://sadgeeksinsnow.blogspot.com/2012/12/persistence-is-key-another-bug-hunt.html" + }, + { + "name": "http://www.cerberusftp.com/products/releasenotes.html", + "refsource": "CONFIRM", + "url": "http://www.cerberusftp.com/products/releasenotes.html" + }, + { + "name": "20121219 Multiple XSS vulnerabilities in Cerberus FTP Server <= 5.0.5.1 [CVE-2012-6339]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0118.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6583.json b/2012/6xxx/CVE-2012-6583.json index b214568e204..a2c4dee0dd0 100644 --- a/2012/6xxx/CVE-2012-6583.json +++ b/2012/6xxx/CVE-2012-6583.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the \"administer imagemenu\" permission to inject arbitrary web script or HTML via an image file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/1789260", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1789260" - }, - { - "name" : "https://drupal.org/node/1788726", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1788726" - }, - { - "name" : "55610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55610" - }, - { - "name" : "85679", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85679" - }, - { - "name" : "50683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50683" - }, - { - "name" : "imagemenu-imagefilenames-xss(78697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78697" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the \"administer imagemenu\" permission to inject arbitrary web script or HTML via an image file name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50683" + }, + { + "name": "85679", + "refsource": "OSVDB", + "url": "http://osvdb.org/85679" + }, + { + "name": "https://drupal.org/node/1789260", + "refsource": "MISC", + "url": "https://drupal.org/node/1789260" + }, + { + "name": "55610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55610" + }, + { + "name": "https://drupal.org/node/1788726", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1788726" + }, + { + "name": "imagemenu-imagefilenames-xss(78697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78697" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6610.json b/2012/6xxx/CVE-2012-6610.json index cd3f14ebf95..06032a688c2 100644 --- a/2012/6xxx/CVE-2012-6610.json +++ b/2012/6xxx/CVE-2012-6610.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6610", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6610", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2066.json b/2017/2xxx/CVE-2017-2066.json index 35fcac66bcf..7275f1672ca 100644 --- a/2017/2xxx/CVE-2017-2066.json +++ b/2017/2xxx/CVE-2017-2066.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2066", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2066", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2198.json b/2017/2xxx/CVE-2017-2198.json index 19154ae13bf..b6dff73aef4 100644 --- a/2017/2xxx/CVE-2017-2198.json +++ b/2017/2xxx/CVE-2017-2198.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2198", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2198", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2281.json b/2017/2xxx/CVE-2017-2281.json index f8f7d665dc5..379f74d9130 100644 --- a/2017/2xxx/CVE-2017-2281.json +++ b/2017/2xxx/CVE-2017-2281.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WN-AX1167GR", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 3.00 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "I-O DATA DEVICE, INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WN-AX1167GR", + "version": { + "version_data": [ + { + "version_value": "firmware version 3.00 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "I-O DATA DEVICE, INC." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iodata.jp/support/information/2017/wn-ax1167gr/", - "refsource" : "MISC", - "url" : "http://www.iodata.jp/support/information/2017/wn-ax1167gr/" - }, - { - "name" : "JVN#01312667", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN01312667/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#01312667", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN01312667/index.html" + }, + { + "name": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/", + "refsource": "MISC", + "url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2664.json b/2017/2xxx/CVE-2017-2664.json index 06ca8d8854b..152daca9331 100644 --- a/2017/2xxx/CVE-2017-2664.json +++ b/2017/2xxx/CVE-2017-2664.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CloudForms", - "version" : { - "version_data" : [ - { - "version_value" : "5.7.3" - }, - { - "version_value" : "5.8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CloudForms", + "version": { + "version_data": [ + { + "version_value": "5.7.3" + }, + { + "version_value": "5.8.1" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664" - }, - { - "name" : "RHSA-2017:1758", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1758" - }, - { - "name" : "RHSA-2017:3484", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:3484" - }, - { - "name" : "100148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3484", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3484" + }, + { + "name": "100148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100148" + }, + { + "name": "RHSA-2017:1758", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1758" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2670.json b/2017/2xxx/CVE-2017-2670.json index 992b3ae05c9..39bf56fcf75 100644 --- a/2017/2xxx/CVE-2017-2670.json +++ b/2017/2xxx/CVE-2017-2670.json 
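Review bot: The `version_data` entries in this CVE-2017-2664 record, `"version_value": "5.7.3"` and `"version_value": "5.8.1"`, name the releases that the description gives as the fixed ones ("before 5.7.3 and 5.8.x before 5.8.1"), and the reformat carries them over unchanged. A consumer that matches installed versions against `version_value` would flag the patched builds and miss the affected ones. Since the record is being rewritten anyway, consider `"version_value": "before 5.7.3"` and `"version_value": "5.8.x before 5.8.1"`. The CVE-2017-2670 hunk that follows looks similar (`1.3.28.Final-redhat-4` against "before 1.3.28"), though the page does not say whether that build is the fix.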
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-2670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "undertow", - "version" : { - "version_data" : [ - { - "version_value" : "1.3.28.Final-redhat-4" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-835" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "undertow", + "version": { + "version_data": [ + { + "version_value": "1.3.28.Final-redhat-4" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670" - }, - { - "name" : "DSA-3906", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3906" - }, - { - "name" : "RHSA-2017:1409", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1409.html" - }, - { - "name" : "RHSA-2017:1410", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1410" - }, - { - "name" : 
"RHSA-2017:1411", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1411" - }, - { - "name" : "RHSA-2017:1412", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1412" - }, - { - "name" : "RHSA-2017:3454", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3454" - }, - { - "name" : "RHSA-2017:3455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3455" - }, - { - "name" : "RHSA-2017:3456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3456" - }, - { - "name" : "RHSA-2017:3458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3458" - }, - { - "name" : "98965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1411", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1411" + }, + { + "name": "RHSA-2017:1409", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html" + }, + { + "name": "DSA-3906", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3906" + }, + { + "name": "RHSA-2017:3458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3458" + }, + { + "name": "RHSA-2017:1410", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1410" + }, + { + "name": "RHSA-2017:1412", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1412" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670" + }, + { + "name": "RHSA-2017:3455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3455" + }, + { + "name": "RHSA-2017:3456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3456" + }, + { + "name": "RHSA-2017:3454", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3454" + }, + { + "name": "98965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98965" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2947.json b/2017/2xxx/CVE-2017-2947.json index a95c497c0cf..2674e7c2eda 100644 --- a/2017/2xxx/CVE-2017-2947.json +++ b/2017/2xxx/CVE-2017-2947.json 
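Review bot: `vectorString` in the `impact.cvss` entry of this CVE-2017-2670 record is `"7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`, with the base score prepended, so it is not a well-formed CVSS v3.0 vector. A strict parser that expects the string to start with `CVSS:3.0/` is likely to reject it, and tooling that ingests severity from this field would then lose the rating. Splitting it into `"baseScore": 7.5` and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` keeps both values machine-readable. The CVE-2017-2664 hunk above has the same shape with a `6.5/` prefix.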
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95348" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95348" + }, + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6575.json b/2017/6xxx/CVE-2017-6575.json index 3b7bcf74a44..1ff00c67c37 100644 --- a/2017/6xxx/CVE-2017-6575.json +++ b/2017/6xxx/CVE-2017-6575.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", - "refsource" : "MISC", - "url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" - }, - { - "name" : "96783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96783" + }, + { + "name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", + "refsource": "MISC", + "url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6632.json b/2017/6xxx/CVE-2017-6632.json index 4453154675e..16d793593b2 100644 --- a/2017/6xxx/CVE-2017-6632.json +++ b/2017/6xxx/CVE-2017-6632.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco FirePOWER System Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco FirePOWER System Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco FirePOWER System Software", + "version": { + "version_data": [ + { + "version_value": "Cisco FirePOWER System Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr" - }, - { - "name" : "98523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr" + }, + { + "name": "98523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98523" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6658.json b/2017/6xxx/CVE-2017-6658.json index 341d76db47b..e9c2b6fe5f0 100644 --- a/2017/6xxx/CVE-2017-6658.json +++ b/2017/6xxx/CVE-2017-6658.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snort 3.0 All versions prior to build 233.", - "version" : { - "version_data" : [ - { - "version_value" : "Snort 3.0 All versions prior to build 233." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overread" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snort 3.0 All versions prior to build 233.", + "version": { + "version_data": [ + { + "version_value": "Snort 3.0 All versions prior to build 233." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html", - "refsource" : "CONFIRM", - "url" : "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html" - }, - { - "name" : "1038483", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overread" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038483", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038483" + }, + { + "name": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html", + "refsource": "CONFIRM", + "url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11247.json b/2018/11xxx/CVE-2018-11247.json index 61567c40809..2c111c565ee 100644 --- a/2018/11xxx/CVE-2018-11247.json +++ b/2018/11xxx/CVE-2018-11247.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180813 [CONVISO-18-001] - Nasdaq BWise JMX/RMI RCE", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180813 [CONVISO-18-001] - Nasdaq BWise JMX/RMI RCE", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/11" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11383.json b/2018/11xxx/CVE-2018-11383.json index e9f7efb6ba6..66c89a41916 100644 --- a/2018/11xxx/CVE-2018-11383.json +++ b/2018/11xxx/CVE-2018-11383.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a" - }, - { - "name" : "https://github.com/radare/radare2/issues/9943", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/9943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF 
file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a" + }, + { + "name": "https://github.com/radare/radare2/issues/9943", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/9943" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11425.json b/2018/11xxx/CVE-2018-11425.json index bce4609c4fb..6daacc93003 100644 --- a/2018/11xxx/CVE-2018-11425.json +++ b/2018/11xxx/CVE-2018-11425.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11425", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11425", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11509.json b/2018/11xxx/CVE-2018-11509.json index 45662e63751..de99faf71d4 100644 --- a/2018/11xxx/CVE-2018-11509.json +++ b/2018/11xxx/CVE-2018-11509.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45200", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45200/" - }, - { - "name" : "http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from 
the online repository. This may allow an attacker to login and upload a webshell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45200", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45200/" + }, + { + "name": "http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11666.json b/2018/11xxx/CVE-2018-11666.json index ca86fa57652..8c11933d7cf 100644 --- a/2018/11xxx/CVE-2018-11666.json +++ b/2018/11xxx/CVE-2018-11666.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11666", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14018.json b/2018/14xxx/CVE-2018-14018.json index d2b30f322a1..1d32618d4f9 100644 --- a/2018/14xxx/CVE-2018-14018.json +++ b/2018/14xxx/CVE-2018-14018.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14018", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14018", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14105.json b/2018/14xxx/CVE-2018-14105.json index 948088e5899..a1e888c70cc 100644 --- a/2018/14xxx/CVE-2018-14105.json +++ b/2018/14xxx/CVE-2018-14105.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14105",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14105",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14675.json b/2018/14xxx/CVE-2018-14675.json
index 86d5280681c..d44fedf0a09 100644
--- a/2018/14xxx/CVE-2018-14675.json
+++ b/2018/14xxx/CVE-2018-14675.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14675",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14675",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15783.json b/2018/15xxx/CVE-2018-15783.json
index 403b78491dd..3c384aa9677 100644
--- a/2018/15xxx/CVE-2018-15783.json
+++ b/2018/15xxx/CVE-2018-15783.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15783",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-15783",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15925.json b/2018/15xxx/CVE-2018-15925.json
index fa55dc67478..4541c21aec9 100644
--- a/2018/15xxx/CVE-2018-15925.json
+++ b/2018/15xxx/CVE-2018-15925.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-15925",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Adobe"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-15925",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
- },
- {
- "name" : "105439",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105439"
- },
- {
- "name" : "1041809",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041809"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1041809",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041809"
+ },
+ {
+ "name": "105439",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105439"
+ },
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20023.json b/2018/20xxx/CVE-2018-20023.json
index 0e6906bbb57..7b50dd22605 100644
--- a/2018/20xxx/CVE-2018-20023.json
+++ b/2018/20xxx/CVE-2018-20023.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vulnerability@kaspersky.com",
- "ID" : "CVE-2018-20023",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "LibVNC",
- "version" : {
- "version_data" : [
- {
- "version_value" : "commit 8b06f835e259652b0ff026898014fc7297ade858"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR"
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "ID": "CVE-2018-20023",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "LibVNC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "commit 8b06f835e259652b0ff026898014fc7297ade858"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1617-1] libvncserver security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html"
- },
- {
- "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/",
- "refsource" : "MISC",
- "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/"
- },
- {
- "name" : "DSA-4383",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2019/dsa-4383"
- },
- {
- "name" : "USN-3877-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3877-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/",
+ "refsource": "MISC",
+ "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/"
+ },
+ {
+ "name": "DSA-4383",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2019/dsa-4383"
+ },
+ {
+ "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1617-1] libvncserver security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html"
+ },
+ {
+ "name": "USN-3877-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3877-1/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20030.json b/2018/20xxx/CVE-2018-20030.json
index 605985aa31b..517f1aee885 100644
--- a/2018/20xxx/CVE-2018-20030.json
+++ b/2018/20xxx/CVE-2018-20030.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
- "DATE_PUBLIC" : "2018-10-12T00:00:00",
- "ID" : "CVE-2018-20030",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "libexif",
- "version" : {
- "version_data" : [
- {
- "version_value" : "0.6.21"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Flexera Software LLC"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DoS (Denial of Service) via CPU resource exhaustion"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
+ "DATE_PUBLIC": "2018-10-12T00:00:00",
+ "ID": "CVE-2018-20030",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libexif",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.6.21"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Flexera Software LLC"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89",
- "refsource" : "MISC",
- "url" : "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89"
- },
- {
- "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/",
- "refsource" : "MISC",
- "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS (Denial of Service) via CPU resource exhaustion"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89",
+ "refsource": "MISC",
+ "url": "https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89"
+ },
+ {
+ "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/",
+ "refsource": "MISC",
+ "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20562.json b/2018/20xxx/CVE-2018-20562.json
index 9b3f5506d04..6e420a30f25 100644
--- a/2018/20xxx/CVE-2018-20562.json
+++ b/2018/20xxx/CVE-2018-20562.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20562",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20562",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss6",
- "refsource" : "MISC",
- "url" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss6"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss6",
+ "refsource": "MISC",
+ "url": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss6"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20733.json b/2018/20xxx/CVE-2018-20733.json
index 4899f31b5c3..d606885c569 100644
--- a/2018/20xxx/CVE-2018-20733.json
+++ b/2018/20xxx/CVE-2018-20733.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20733",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20733",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.sas.com/kb/62/987.html",
- "refsource" : "MISC",
- "url" : "http://support.sas.com/kb/62/987.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://support.sas.com/kb/62/987.html",
+ "refsource": "MISC",
+ "url": "http://support.sas.com/kb/62/987.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8050.json b/2018/8xxx/CVE-2018-8050.json
index 85b087e38e0..fd4eeecc079 100644
--- a/2018/8xxx/CVE-2018-8050.json
+++ b/2018/8xxx/CVE-2018-8050.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8050",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8050",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c",
- "refsource" : "MISC",
- "url" : "https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c",
+ "refsource": "MISC",
+ "url": "https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c"
+ }
+ ]
+ }
+}
\ No newline at end of file