diff --git a/2002/0xxx/CVE-2002-0713.json b/2002/0xxx/CVE-2002-0713.json
index 98a7650a4c1..d22cdfc4f79 100644
--- a/2002/0xxx/CVE-2002-0713.json
+++ b/2002/0xxx/CVE-2002-0713.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt" - }, - { - "name" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/" - }, - { - "name" : "RHSA-2002:051", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2002-051.html" - }, - { - "name" : "RHSA-2002:130", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2002-130.html" - }, - { - "name" : 
"CSSA-2002-046.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt" - }, - { - "name" : "MDKSA-2002:044", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php" - }, - { - "name" : "20020715 TSLSA-2002-0062 - squid", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102674543407606&w=2" - }, - { - "name" : "5155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5155" - }, - { - "name" : "5156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5156" - }, - { - "name" : "5157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5157" - }, - { - "name" : "squid-msnt-helper-bo(9482)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9482.php" - }, - { - "name" : "squid-gopher-bo(9480)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9480.php" - }, - { - "name" : "squid-ftp-dir-bo(9481)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9481.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "squid-ftp-dir-bo(9481)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9481.php" + }, + { + "name": "20020715 TSLSA-2002-0062 - squid", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102674543407606&w=2" + }, + { + "name": "CSSA-2002-046.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt" + }, + { + "name": "squid-gopher-bo(9480)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9480.php" + }, + { + "name": "5157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5157" + }, + { + "name": "squid-msnt-helper-bo(9482)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9482.php" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/" + }, + { + "name": "RHSA-2002:051", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2002-051.html" + }, + { + "name": "5155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5155" + }, + { + "name": "5156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5156" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt" + }, + { + "name": "RHSA-2002:130", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2002-130.html" + }, + { + "name": "MDKSA-2002:044", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2312.json b/2002/2xxx/CVE-2002-2312.json index 5096fb4243a..9989a88a320 100644 
--- a/2002/2xxx/CVE-2002-2312.json
+++ b/2002/2xxx/CVE-2002-2312.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/283866" - }, - { - "name" : "20020724 Re: Pressing CTRL in IE is dangerous - Sandblad advisory #8", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284096" - }, - { - "name" : "5290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the 
JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/283866" + }, + { + "name": "20020724 Re: Pressing CTRL in IE is dangerous - Sandblad advisory #8", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284096" + }, + { + "name": "5290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5290" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0426.json b/2005/0xxx/CVE-2005-0426.json index 959af1fc2bf..184c7cb1522 100644 --- a/2005/0xxx/CVE-2005-0426.json +++ b/2005/0xxx/CVE-2005-0426.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via \"Heavy UDP Usage\" that triggers a NULL dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57728", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57728-1" - }, - { - "name" : "12385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12385" - }, - { - "name" : "solaris-udp-end-point-dos(19119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via \"Heavy UDP Usage\" that triggers a NULL dereference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57728", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57728-1" + }, + { + "name": "solaris-udp-end-point-dos(19119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19119" + }, + { + "name": "12385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12385" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0620.json b/2005/0xxx/CVE-2005-0620.json index d597ffa588a..dc525094d50 100644 --- a/2005/0xxx/CVE-2005-0620.json +++ b/2005/0xxx/CVE-2005-0620.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14455" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/0xxx/CVE-2005-0782.json b/2005/0xxx/CVE-2005-0782.json
index 80cd1db01e8..54bfd0f0226 100644
--- a/2005/0xxx/CVE-2005-0782.json
+++ b/2005/0xxx/CVE-2005-0782.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050312 [SECURITYREASON.COM] SQL injection and XSS in paFileDB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111065796525043&w=2" - }, - { - "name" : "20050330 PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111221940107161&w=2" - }, - { - "name" : "http://digitalparadox.org/advisories/pafdb.txt", - "refsource" : "MISC", - "url" : "http://digitalparadox.org/advisories/pafdb.txt" - }, - { - "name" : "12788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12788" - }, - { - "name" : "pafiledb-viewall-category-xss(19690)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/19690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://digitalparadox.org/advisories/pafdb.txt", + "refsource": "MISC", + "url": "http://digitalparadox.org/advisories/pafdb.txt" + }, + { + "name": "20050312 [SECURITYREASON.COM] SQL injection and XSS in paFileDB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111065796525043&w=2" + }, + { + "name": "pafiledb-viewall-category-xss(19690)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19690" + }, + { + "name": "12788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12788" + }, + { + "name": "20050330 PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111221940107161&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0811.json b/2005/0xxx/CVE-2005-0811.json index 5284d33d352..bd61f079ccc 100644 --- a/2005/0xxx/CVE-2005-0811.json +++ b/2005/0xxx/CVE-2005-0811.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#131828", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/131828" - }, - { - "name" : "12843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12843" - }, - { - "name" : "14617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14617" + }, + { + "name": "VU#131828", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/131828" + }, + { + "name": "12843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12843" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0931.json b/2005/0xxx/CVE-2005-0931.json index 7c092680254..b4321c4a7c0 100644 --- a/2005/0xxx/CVE-2005-0931.json +++ b/2005/0xxx/CVE-2005-0931.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12926" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1113.json b/2005/1xxx/CVE-2005-1113.json index ba71470b158..d1906284ff1 100644 
--- a/2005/1xxx/CVE-2005-1113.json
+++ b/2005/1xxx/CVE-2005-1113.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111343406309969&w=2" - }, - { - "name" : "http://www.digitalparadox.org/advisories/phpbbp.txt", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/advisories/phpbbp.txt" - }, - { - "name" : "phpbb-multiple-modules-xss(20085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbb-multiple-modules-xss(20085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20085" + }, + { + "name": "http://www.digitalparadox.org/advisories/phpbbp.txt", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" + }, + { + "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111343406309969&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1382.json b/2005/1xxx/CVE-2005-1382.json index c542a508fc8..835e3a73c6d 100644 --- a/2005/1xxx/CVE-2005-1382.json +++ b/2005/1xxx/CVE-2005-1382.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050428 File appending vulnerability in Oracle Webcache 9i", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111472615519295&w=2" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html" - }, - { - "name" : "13420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13420" - }, - { - "name" : "15909", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15909" - }, - { - "name" : "15143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15143" - }, - { - "name" : "oracle9ias-application-cache-file-corruption(20310)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html" + }, + { + "name": "20050428 File appending vulnerability in Oracle Webcache 9i", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111472615519295&w=2" + }, + { + "name": "15143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15143" + }, + { + "name": "15909", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15909" + }, + { + "name": "13420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13420" + }, + { + "name": "oracle9ias-application-cache-file-corruption(20310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20310" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1462.json b/2005/1xxx/CVE-2005-1462.json index 94c2f21309d..ea19f20b856 100644 --- a/2005/1xxx/CVE-2005-1462.json +++ b/2005/1xxx/CVE-2005-1462.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html" - }, - { - "name" : "http://www.ethereal.com/news/item_20050504_01.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/news/item_20050504_01.html" - }, - { - "name" : "CLSA-2005:963", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "RHSA-2005:427", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-427.html" - }, - { - "name" : "13504", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/13504" - }, - { - "name" : "oval:org.mitre.oval:def:9713", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13504" + }, + { + "name": "RHSA-2005:427", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-427.html" + }, + { + "name": "oval:org.mitre.oval:def:9713", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9713" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00019.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00019.html" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "CLSA-2005:963", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" + }, + { + "name": "http://www.ethereal.com/news/item_20050504_01.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/news/item_20050504_01.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1779.json b/2005/1xxx/CVE-2005-1779.json index 8f57ac5cd9b..bd99e7fdb20 100644 --- a/2005/1xxx/CVE-2005-1779.json +++ b/2005/1xxx/CVE-2005-1779.json 
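Review bot: The `ASSIGNER` field in `CVE_data_meta` of CVE-2005-1462.json changes from `cve@mitre.org` to `secalert@redhat.com`, whereas every other hunk visible here only normalises `"key" : value` spacing, re-indents, and reorders `reference_data`. A provenance change buried in a bulk reformat is easy to miss, and downstream consumers that attribute or filter records by assigning CNA will silently see this record move. It would be safer to land the reassignment as its own commit, or at least name it in the commit message, so it can be audited separately from the formatting churn. Because the reference arrays are also shuffled, a parsed, order-insensitive comparison of old and new `reference_data` is the practical way to confirm no entry was dropped or altered; in this hunk the seven entries appear to match.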
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014048", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014048" - }, - { - "name" : "15511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014048", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014048" + }, + { + "name": "15511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15511" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1909.json b/2005/1xxx/CVE-2005-1909.json index 42926ff983b..bee39bee08f 100644 --- a/2005/1xxx/CVE-2005-1909.json +++ b/2005/1xxx/CVE-2005-1909.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a \"= 8.64", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/18/1" - }, - { - "name" : "[oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/18/2" - }, - { - "name" : "http://bugs.ghostscript.com/show_bug.cgi?id=690829", - "refsource" : "CONFIRM", - "url" : "http://bugs.ghostscript.com/show_bug.cgi?id=690829" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=540760", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=540760" - }, - { - "name" : "GLSA-201412-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-17.xml" - }, - { - "name" : "MDVSA-2010:134", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134" - }, - { - "name" : "MDVSA-2010:135", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "USN-961-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-961-1" - }, - { - 
"name" : "37410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37410" - }, - { - "name" : "61140", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61140" - }, - { - "name" : "37851", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37851" - }, - { - "name" : "40580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40580" - }, - { - "name" : "ADV-2009-3597", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201412-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" + }, + { + "name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/18/2" + }, + { + "name": "MDVSA-2010:134", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134" + }, + { + "name": "[oss-security] 20091217 possible vulnerability in ghostscript >= 8.64", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/18/1" + }, + { + "name": "USN-961-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-961-1" + }, + { + "name": "MDVSA-2010:135", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:135" + }, + { + "name": "ADV-2009-3597", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3597" + }, + { + "name": "61140", + "refsource": "OSVDB", + "url": "http://osvdb.org/61140" + }, + { + "name": "40580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40580" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=540760", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760" + }, + { + "name": "37851", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37851" + }, + { + "name": "37410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37410" + }, + { + "name": "http://bugs.ghostscript.com/show_bug.cgi?id=690829", + "refsource": "CONFIRM", + "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4458.json b/2009/4xxx/CVE-2009-4458.json index fb401c24c59..ecf34dfedfa 100644 --- a/2009/4xxx/CVE-2009-4458.json +++ b/2009/4xxx/CVE-2009-4458.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10645", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10645" - }, - { - "name" : "37482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37482" - }, - { - "name" : "61357", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61357" - }, - { - "name" : "61358", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61358" - }, - { - "name" : "37972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37972" - }, - { - "name" : "freepbx-tech-xss(55053)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55053" - }, - { - "name" : "freepbx-zap-xss(55054)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61357", + "refsource": "OSVDB", + "url": "http://osvdb.org/61357" + }, + { + "name": "freepbx-zap-xss(55054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55054" + }, + { + "name": "10645", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10645" + }, + { + "name": "37972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37972" + }, + { + "name": "freepbx-tech-xss(55053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55053" + }, + { + "name": "61358", + "refsource": "OSVDB", + "url": "http://osvdb.org/61358" + }, + { + "name": "37482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37482" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4556.json b/2009/4xxx/CVE-2009-4556.json index 2a0bbaedb0e..35063f1e5bd 100644 --- a/2009/4xxx/CVE-2009-4556.json +++ b/2009/4xxx/CVE-2009-4556.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091013 Quick Heal Local Privilege Escalation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507121/100/0/threaded" - }, - { - "name" : "36662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36662" - }, - { - "name" : "37033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37033" - }, - { - "name" : "quickheal-quhlpsvc-priv-escalation(53746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickheal-quhlpsvc-priv-escalation(53746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53746" + }, + { + "name": "36662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36662" + }, + { + "name": "20091013 Quick Heal Local Privilege Escalation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507121/100/0/threaded" + }, + { + "name": "37033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37033" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4575.json b/2009/4xxx/CVE-2009-4575.json index 255c3a4b6b2..b673a24269f 100644 --- a/2009/4xxx/CVE-2009-4575.json +++ b/2009/4xxx/CVE-2009-4575.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10738", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10738" - }, - { - "name" : "37503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37503" - }, - { - "name" : "61354", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61354" - }, - { - "name" : "37897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37897" - }, - { - "name" : "qpersonel-personelsira-xss(55128)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61354", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61354" + }, + { + "name": "37897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37897" + }, + { + "name": "qpersonel-personelsira-xss(55128)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55128" + }, + { + "name": "37503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37503" + }, + { + "name": "10738", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10738" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4577.json b/2009/4xxx/CVE-2009-4577.json index 65ffedcb488..bc378c1c29f 100644 --- a/2009/4xxx/CVE-2009-4577.json +++ b/2009/4xxx/CVE-2009-4577.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxdev.com/Article661.phtml", - "refsource" : "CONFIRM", - "url" : "http://www.maxdev.com/Article661.phtml" - }, - { - "name" : "37488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37488" - }, - { - "name" : "61347", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61347" - }, - { - "name" : "37748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37748" - }, - { - "name" : "mdpro-mdforum-index-sql-injection(55138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL 
injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37748" + }, + { + "name": "mdpro-mdforum-index-sql-injection(55138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55138" + }, + { + "name": "61347", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61347" + }, + { + "name": "37488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37488" + }, + { + "name": "http://www.maxdev.com/Article661.phtml", + "refsource": "CONFIRM", + "url": "http://www.maxdev.com/Article661.phtml" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2048.json b/2012/2xxx/CVE-2012-2048.json index 1d125edb280..a44ec4a5691 100644 --- a/2012/2xxx/CVE-2012-2048.json +++ b/2012/2xxx/CVE-2012-2048.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-2048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-21.html" - }, - { - "name" : "85317", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85317" - }, - { - "name" : "1027516", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027516" - }, - { - "name" : "50523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50523" - }, - { - "name" : "coldfusion-unspecified-dos(78410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50523" + }, + { + "name": "85317", + "refsource": "OSVDB", + "url": "http://osvdb.org/85317" + }, + { + "name": "1027516", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027516" + }, + { + "name": "coldfusion-unspecified-dos(78410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78410" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-21.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2315.json b/2012/2xxx/CVE-2012-2315.json index aea9907d757..591699fd9a1 100644 --- a/2012/2xxx/CVE-2012-2315.json +++ b/2012/2xxx/CVE-2012-2315.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120103 OpenKM 5.1.7 Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0007.html" - }, - { - "name" : "20120104 Re: OpenKM 5.1.7 Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0021.html" - }, - { - "name" : "[oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/23/6" - }, - { - "name" : "[oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF 
based)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/23/8" - }, - { - "name" : "[oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/27/6" - }, - { - "name" : "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/04/2" - }, - { - "name" : "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/04/13" - }, - { - "name" : "51250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51250" - }, - { - "name" : "78105", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78105" - }, - { - "name" : "47424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47424" - }, - { - "name" : "openkm-userpermissions-security-bypass(72112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/23/6" + }, + { + "name": "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/04/2" + }, + { + "name": "51250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51250" + }, + { + "name": "20120103 OpenKM 5.1.7 Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0007.html" + }, + { + "name": "[oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/23/8" + }, + { + "name": "20120104 Re: OpenKM 5.1.7 Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0021.html" + }, + { + "name": "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/04/13" + }, + { + "name": "openkm-userpermissions-security-bypass(72112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72112" + }, + { + "name": "[oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/27/6" + }, + { + "name": "47424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47424" + }, + { + 
"name": "78105", + "refsource": "OSVDB", + "url": "http://osvdb.org/78105" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2497.json b/2012/2xxx/CVE-2012-2497.json index b98cff7b43f..ae1be0e5757 100644 --- a/2012/2xxx/CVE-2012-2497.json +++ b/2012/2xxx/CVE-2012-2497.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2497", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3497, CVE-2012-6400. Reason: This candidate is a duplicate of CVE-2012-3497 and CVE-2012-6400. Notes: All CVE users should reference CVE-2012-3497 (an issue in Xen) or CVE-2012-6400 (an issue not in Xen) instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2497", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3497, CVE-2012-6400. Reason: This candidate is a duplicate of CVE-2012-3497 and CVE-2012-6400. Notes: All CVE users should reference CVE-2012-3497 (an issue in Xen) or CVE-2012-6400 (an issue not in Xen) instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2882.json b/2012/2xxx/CVE-2012-2882.json index 364bf5971e9..09191fb8263 100644 --- a/2012/2xxx/CVE-2012-2882.json +++ b/2012/2xxx/CVE-2012-2882.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"wild pointer\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://chromiumcodereview.appspot.com/10829204", - "refsource" : "CONFIRM", - "url" : "https://chromiumcodereview.appspot.com/10829204" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=140647", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=140647" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=150239", - "refsource" : "CONFIRM", - "url" : 
"https://src.chromium.org/viewvc/chrome?view=rev&revision=150239" - }, - { - "name" : "openSUSE-SU-2012:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:15688", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688" - }, - { - "name" : "google-chrome-cve20122882(78839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"wild pointer\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=140647", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=140647" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "https://chromiumcodereview.appspot.com/10829204", + "refsource": "CONFIRM", + "url": "https://chromiumcodereview.appspot.com/10829204" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?view=rev&revision=150239", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?view=rev&revision=150239" + }, + { + "name": "openSUSE-SU-2012:1376", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" + }, + { + "name": "google-chrome-cve20122882(78839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78839" + }, + { + "name": "oval:org.mitre.oval:def:15688", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2934.json b/2012/2xxx/CVE-2012-2934.json index 4c04215140c..2c8c9ac7c34 100644 --- a/2012/2xxx/CVE-2012-2934.json +++ b/2012/2xxx/CVE-2012-2934.json 
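Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `security@google.com` in this hunk for CVE-2012-2882.json, which otherwise only changes spacing and the order of the `reference_data` entries. The same kind of change appears in the hunks for CVE-2012-3058.json and CVE-2012-6026.json (`psirt@cisco.com`) and CVE-2012-6080.json (`secalert@redhat.com`). ASSIGNER is provenance metadata, and a reviewer or downstream consumer comparing records is likely to miss it among the 92 reformatted lines. Landing the assigner updates separately from the whitespace pass, or naming them in the commit message, would make them auditable. The reshuffled `reference_data` arrays add further noise; a stable sort, for example by `url`, would keep future diffs limited to real changes.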
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest\thost DoS (AMD erratum #121)", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html" - }, - { - "name" : "http://support.amd.com/us/Processor_TechDocs/25759.pdf", - "refsource" : "MISC", - "url" : "http://support.amd.com/us/Processor_TechDocs/25759.pdf" - }, - { - "name" : "DSA-2501", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2501" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "53961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53961" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51413" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "http://support.amd.com/us/Processor_TechDocs/25759.pdf", + "refsource": "MISC", + "url": "http://support.amd.com/us/Processor_TechDocs/25759.pdf" + }, + { + "name": "53961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53961" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "DSA-2501", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2501" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "[Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest\thost DoS (AMD erratum #121)", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3058.json b/2012/3xxx/CVE-2012-3058.json index f339cbc1406..fff2273ec7b 100644 --- a/2012/3xxx/CVE-2012-3058.json +++ b/2012/3xxx/CVE-2012-3058.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120620 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6" - }, - { - "name" : "1027187", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120620 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6" + }, + { + "name": "1027187", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027187" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3902.json b/2012/3xxx/CVE-2012-3902.json index 9e2f0e99b98..63e6e10e8cd 100644 --- a/2012/3xxx/CVE-2012-3902.json +++ b/2012/3xxx/CVE-2012-3902.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3993.json b/2012/3xxx/CVE-2012-3993.json index 6adfcd151c4..4fe55890e50 100644 --- a/2012/3xxx/CVE-2012-3993.json +++ b/2012/3xxx/CVE-2012-3993.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=768101", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=768101" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : 
"RHSA-2012:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "56119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56119" - }, - { - "name" : "86111", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86111" - }, - { - "name" : "oval:org.mitre.oval:def:16718", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16718" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - }, - { - "name" : "firefox-cow-privilege-escalation(79153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does 
not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "oval:org.mitre.oval:def:16718", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16718" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "firefox-cow-privilege-escalation(79153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79153" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "86111", + "refsource": "OSVDB", + "url": "http://osvdb.org/86111" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=768101", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768101" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + 
{ + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + }, + { + "name": "56119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56119" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6026.json b/2012/6xxx/CVE-2012-6026.json index f5d02692870..f40ff21d887 100644 --- a/2012/6xxx/CVE-2012-6026.json +++ b/2012/6xxx/CVE-2012-6026.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-6026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436" - }, - { - "name" : "20130228 Cisco Aironet Access Point Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows 
remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436" + }, + { + "name": "20130228 Cisco Aironet Access Point Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6026" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6057.json b/2012/6xxx/CVE-2012-6057.json index f0abc008cba..f0b6cb74ff3 100644 --- a/2012/6xxx/CVE-2012-6057.json +++ b/2012/6xxx/CVE-2012-6057.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-34.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-34.html" - }, - { - 
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800" - }, - { - "name" : "openSUSE-SU-2012:1633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html" - }, - { - "name" : "openSUSE-SU-2013:0151", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:15883", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-34.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-34.html" + }, + { + "name": "openSUSE-SU-2012:1633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408" + }, + { + "name": "openSUSE-SU-2013:0151", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800" + }, + { + "name": "oval:org.mitre.oval:def:15883", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15883" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6080.json b/2012/6xxx/CVE-2012-6080.json index c8336cc21a4..a2dd351e19f 100644 --- a/2012/6xxx/CVE-2012-6080.json +++ b/2012/6xxx/CVE-2012-6080.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/30/6" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" - }, - { - "name" : "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52" - }, - { - "name" : "http://moinmo.in/SecurityFixes", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/SecurityFixes" - }, - { - "name" : "DSA-2593", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2593" - }, - { - "name" : "USN-1680-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1680-1" - }, - { - "name" : "57076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57076" - }, - { - "name" : "51663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51663" - }, - { - "name" : "51676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51676" - }, - { - "name" : "51696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57076" + }, + { + "name": "http://moinmo.in/SecurityFixes", + "refsource": "CONFIRM", + "url": "http://moinmo.in/SecurityFixes" + }, + { + "name": "51663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51663" + }, + { + "name": "DSA-2593", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2593" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" + }, + { + "name": "51676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51676" + }, + { + "name": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52" + }, + { + "name": "51696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51696" + }, + { + "name": "USN-1680-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1680-1" + }, + { + "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/30/6" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6658.json b/2012/6xxx/CVE-2012-6658.json index e92900f469c..28a104e660b 100644 --- a/2012/6xxx/CVE-2012-6658.json +++ b/2012/6xxx/CVE-2012-6658.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20063", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20063" - }, - { - "name" : "84112", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84112" - }, - { - "name" : "49978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49978/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) 
syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49978/" + }, + { + "name": "84112", + "refsource": "OSVDB", + "url": "http://osvdb.org/84112" + }, + { + "name": "20063", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20063" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5266.json b/2015/5xxx/CVE-2015-5266.json index dd7f83b6dc4..04aeafb3a5b 100644 --- a/2015/5xxx/CVE-2015-5266.json +++ b/2015/5xxx/CVE-2015-5266.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150921 Moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=320290", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=320290" - }, - { - "name" : "1033619", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1033619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=320290", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=320290" + }, + { + "name": "[oss-security] 20150921 Moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" + }, + { + "name": "1033619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033619" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5309.json b/2015/5xxx/CVE-2015-5309.json index d9e2b670b91..fa63fe9d38a 100644 --- a/2015/5xxx/CVE-2015-5309.json +++ b/2015/5xxx/CVE-2015-5309.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", - "refsource" : "CONFIRM", - "url" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html" - }, - { - "name" : "DSA-3409", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3409" - }, - { - "name" : "FEDORA-2015-3d17682c15", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html" - }, - { - "name" : "FEDORA-2015-5ad4a1f151", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html" - }, - { - "name" : "GLSA-201606-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-01" - }, - { - "name" : "openSUSE-SU-2015:2023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html" - }, - { - "name" : "1034308", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3409", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3409" + }, + { + "name": "FEDORA-2015-3d17682c15", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html" + }, + { + "name": "FEDORA-2015-5ad4a1f151", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html" + }, + { + "name": "1034308", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034308" + }, + { + "name": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html", + "refsource": "CONFIRM", + "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html" + }, + { + "name": "GLSA-201606-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-01" + }, + { + 
"name": "openSUSE-SU-2015:2023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5537.json b/2015/5xxx/CVE-2015-5537.json index b3265a9b976..29c7e8b7894 100644 --- a/2015/5xxx/CVE-2015-5537.json +++ b/2015/5xxx/CVE-2015-5537.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf" - }, - { - "name" : "1033022", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033022", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033022" + }, + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5634.json b/2015/5xxx/CVE-2015-5634.json index f0fcce3138b..92ad2c9e93a 100644 --- a/2015/5xxx/CVE-2015-5634.json +++ b/2015/5xxx/CVE-2015-5634.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN83862346/995707/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN83862346/995707/index.html" - }, - { - "name" : "JVN#83862346", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN83862346/index.html" - }, - { - "name" : "JVNDB-2015-000132", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API 
access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN83862346/995707/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN83862346/995707/index.html" + }, + { + "name": "JVNDB-2015-000132", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000132" + }, + { + "name": "JVN#83862346", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN83862346/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5851.json b/2015/5xxx/CVE-2015-5851.json index 0d6a4a7f226..420cec1e6dd 100644 --- a/2015/5xxx/CVE-2015-5851.json +++ b/2015/5xxx/CVE-2015-5851.json 
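Review bot: The `ASSIGNER` change from `cve@mitre.org` to `vultures@jpcert.or.jp` is the only change of substance in this hunk, and it is easy to miss because every other changed line differs only in the spacing before the colon or in the order of the `reference_data` entries. The same mix appears in the CVE-2015-5266, CVE-2015-5309 and CVE-2015-5851 hunks, where `ASSIGNER` becomes `secalert@redhat.com` (twice) and `product-security@apple.com`. This field attributes the record to the assigning organisation, so anyone auditing provenance has to read a full-file rewrite to find it. I would land the attribution change in its own commit, or have the serializer keep `reference_data` in a stable order so the diff shows only the `"ASSIGNER": "vultures@jpcert.or.jp",` line. The new side also ends with `\ No newline at end of file`; keeping the trailing newline would avoid a spurious last-line change on the next edit.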
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : 
"1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2211.json b/2017/2xxx/CVE-2017-2211.json index 5a359b20a7f..1fc53bbd4af 100644 --- a/2017/2xxx/CVE-2017-2211.json +++ b/2017/2xxx/CVE-2017-2211.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PatchJGD (Hyoko) (PatchJGDh101.EXE)", - "version" : { - "version_data" : [ - { - "version_value" : "ver. 1.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Geospatial Information Authority of Japan (GSI)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PatchJGD (Hyoko) (PatchJGDh101.EXE)", + "version": { + "version_data": [ + { + "version_value": "ver. 1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Geospatial Information Authority of Japan (GSI)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html", - "refsource" : "CONFIRM", - "url" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html" - }, - { - "name" : "JVN#52691241", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52691241/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 
1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#52691241", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52691241/index.html" + }, + { + "name": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html", + "refsource": "CONFIRM", + "url": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11792.json b/2018/11xxx/CVE-2018-11792.json index f248dee59ae..cbfbae983d5 100644 --- a/2018/11xxx/CVE-2018-11792.json +++ b/2018/11xxx/CVE-2018-11792.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-10-24T00:00:00", - "ID" : "CVE-2018-11792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Impala", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Impala 3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized access" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-10-24T00:00:00", + "ID": "CVE-2018-11792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Impala", + "version": { + "version_data": [ + { + "version_value": "Apache Impala 3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E", - "refsource" : "MISC", - "url" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E" - }, - { - "name" : "105739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105739" + }, + { + "name": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E", + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11899.json b/2018/11xxx/CVE-2018-11899.json index b2b357f5e50..78beb5ca0bd 100644 --- a/2018/11xxx/CVE-2018-11899.json +++ b/2018/11xxx/CVE-2018-11899.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11926.json b/2018/11xxx/CVE-2018-11926.json index 1d807a7826b..bdb864afba8 100644 --- a/2018/11xxx/CVE-2018-11926.json +++ b/2018/11xxx/CVE-2018-11926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11937.json b/2018/11xxx/CVE-2018-11937.json index f593a739d6e..c287b052a1a 100644 --- a/2018/11xxx/CVE-2018-11937.json +++ b/2018/11xxx/CVE-2018-11937.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15035.json b/2018/15xxx/CVE-2018-15035.json index b9156aa3a6b..6d72bcc62ab 100644 --- a/2018/15xxx/CVE-2018-15035.json +++ b/2018/15xxx/CVE-2018-15035.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15035", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15035", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15765.json b/2018/15xxx/CVE-2018-15765.json index f8356fa2597..d8c78020e8f 100644 --- a/2018/15xxx/CVE-2018-15765.json +++ b/2018/15xxx/CVE-2018-15765.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-10-15T07:10:00.000Z", - "ID" : "CVE-2018-15765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ESRS Virtual Edition", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.32.00.08" - } - ] - } - } - ] - }, - "vendor_name" : "DELL EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 3.4, - "baseSeverity" : "LOW", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-10-15T07:10:00.000Z", + "ID": "CVE-2018-15765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ESRS Virtual Edition", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.32.00.08" + } + ] + } + } + ] + }, + "vendor_name": "DELL EMC" + } ] - 
} - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Oct/35" - }, - { - "name" : "105694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105694" - }, - { - "name" : "1041877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041877" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.4, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Oct/35" + }, + { + "name": "105694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105694" + }, + { + "name": "1041877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041877" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15791.json b/2018/15xxx/CVE-2018-15791.json index 75a8c2a92c9..34d03280357 100644 --- a/2018/15xxx/CVE-2018-15791.json +++ b/2018/15xxx/CVE-2018-15791.json 
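Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `secure@dell.com` to `security_alert@emc.com` in a hunk that is otherwise a whitespace-only reformat, so a change to the record's CNA attribution is easy to miss in review. If the change is not intended, the new side should keep `"ASSIGNER": "secure@dell.com",`; if it is intended, it is better made in a separate commit that states the reason. The hunks for CVE-2018-8441 and CVE-2018-8568 likewise change `Secure@Microsoft.com` to `secure@microsoft.com`, which matters to any consumer that compares assigner strings case-sensitively.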
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15791", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15791", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15919.json b/2018/15xxx/CVE-2018-15919.json index 24561a87822..35d7d3d74ec 100644 --- a/2018/15xxx/CVE-2018-15919.json +++ b/2018/15xxx/CVE-2018-15919.json 
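Review bot: The new side of the CVE-2018-15791 record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, while every other record visible in this commit keeps `CVE_data_meta` first with its keys in alphabetical order. JSON key order carries no meaning, but mixing two serialisation orders in one repository makes text diffs and byte-level comparisons of records noisy. Serialising with sorted keys, as the neighbouring files do, would keep this file consistent with them.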
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/oss-sec/2018/q3/180", - "refsource" : "MISC", - "url" : "http://seclists.org/oss-sec/2018/q3/180" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181221-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181221-0001/" - }, - { - "name" : "105163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remotely observable 
behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181221-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181221-0001/" + }, + { + "name": "105163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105163" + }, + { + "name": "http://seclists.org/oss-sec/2018/q3/180", + "refsource": "MISC", + "url": "http://seclists.org/oss-sec/2018/q3/180" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3169.json b/2018/3xxx/CVE-2018-3169.json index b18b27cb91e..398d88f8c7b 100644 --- a/2018/3xxx/CVE-2018-3169.json +++ b/2018/3xxx/CVE-2018-3169.json 
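Review bot: The `reference_data` array of CVE-2018-15919 is reordered with no entry added or removed (the seclists.org `MISC` link moves from first to last), and the reorder is mixed into a formatting-only change. Consumers presumably do not depend on the array order, but an unstable order makes later diffs report moves as changes and can hide a real addition or removal of an advisory link. Emitting references in a deterministic order, for example sorted by `refsource` and then `name`, would keep the record history reviewable. The same reshuffle appears in the CVE-2018-3169 hunk, where the previously consecutive `RHSA-2018:*` entries are scattered, and in the CVE-2018-8441 hunk.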
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0001/" - }, - { - "name" : "DSA-4326", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4326" - }, - { - "name" : "RHSA-2018:2942", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2942" - }, - { - "name" : "RHSA-2018:2943", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2943" - }, - { - "name" : "RHSA-2018:3000", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3000" - }, - { - "name" : "RHSA-2018:3001", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3001" - }, - { - "name" : "RHSA-2018:3002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3002" - }, - { - "name" : "RHSA-2018:3003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3003" - }, - { - "name" : 
"RHSA-2018:3350", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3350" - }, - { - "name" : "RHSA-2018:3409", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3409" - }, - { - "name" : "RHSA-2018:3521", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3521" - }, - { - "name" : "RHSA-2018:3533", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3533" - }, - { - "name" : "RHSA-2018:3534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3534" - }, - { - "name" : "RHSA-2018:3671", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3671" - }, - { - "name" : "RHSA-2018:3672", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3672" - }, - { - "name" : "RHSA-2018:3779", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3779" - }, - { - "name" : "RHSA-2018:3852", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3852" - }, - { - "name" : "USN-3804-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3804-1/" - }, - { - "name" : "USN-3824-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3824-1/" - }, - { - "name" : "105587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105587" - }, - { - "name" : "1041889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html" + }, + { + "name": "105587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105587" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" + }, + { + "name": "RHSA-2018:2942", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2942" + }, + { + "name": "RHSA-2018:3779", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3779" + }, + { + "name": "RHSA-2018:3534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3534" + }, + { + "name": "RHSA-2018:3350", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3350" + }, + { + "name": "RHSA-2018:3003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3003" + }, + { + "name": "USN-3804-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3804-1/" + }, + { + "name": "RHSA-2018:3002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3002" + }, + { + "name": "RHSA-2018:3671", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3671" + }, + { + "name": "RHSA-2018:3852", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3852" + }, + { + "name": "DSA-4326", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4326" + }, + { + "name": "USN-3824-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3824-1/" + }, + { + "name": "RHSA-2018:2943", + "refsource": "REDHAT", + 
"url": "https://access.redhat.com/errata/RHSA-2018:2943" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2018:3533", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3533" + }, + { + "name": "RHSA-2018:3409", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3409" + }, + { + "name": "RHSA-2018:3001", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3001" + }, + { + "name": "RHSA-2018:3000", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3000" + }, + { + "name": "1041889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041889" + }, + { + "name": "RHSA-2018:3672", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3672" + }, + { + "name": "RHSA-2018:3521", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3521" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3340.json b/2018/3xxx/CVE-2018-3340.json index 3a75f03f907..471f604ea11 100644 --- a/2018/3xxx/CVE-2018-3340.json +++ b/2018/3xxx/CVE-2018-3340.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3467.json b/2018/3xxx/CVE-2018-3467.json index b007bd382bd..da152bd4fad 100644 --- a/2018/3xxx/CVE-2018-3467.json +++ b/2018/3xxx/CVE-2018-3467.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3467", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3467", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3660.json b/2018/3xxx/CVE-2018-3660.json index 6248df4bd40..b5ce38b64e8 100644 --- a/2018/3xxx/CVE-2018-3660.json +++ b/2018/3xxx/CVE-2018-3660.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3660", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3660", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8105.json b/2018/8xxx/CVE-2018-8105.json index f2fee994c63..7c655637c5b 100644 --- a/2018/8xxx/CVE-2018-8105.json +++ b/2018/8xxx/CVE-2018-8105.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", - "refsource" : "MISC", - "url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", + "refsource": "MISC", + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8441.json b/2018/8xxx/CVE-2018-8441.json index 4a790a39ed9..a28d05f6108 100644 --- a/2018/8xxx/CVE-2018-8441.json +++ b/2018/8xxx/CVE-2018-8441.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka \"Windows Subsystem for Linux Elevation of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441" - }, - { - "name" : "105271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105271" - }, - { - "name" : "1041641", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka \"Windows Subsystem for Linux Elevation of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441" + }, + { + "name": "1041641", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041641" + }, + { + "name": "105271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105271" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8568.json b/2018/8xxx/CVE-2018-8568.json index 199f9e2c3b2..97c82264b60 100644 --- a/2018/8xxx/CVE-2018-8568.json +++ b/2018/8xxx/CVE-2018-8568.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint Server", - "version" : { - "version_data" : [ - { - "version_value" : "2019" - } - ] - } - }, - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2013 Service Pack 1" - }, - { - "version_value" : "Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2013 Service Pack 1" + }, + { + "version_value": "Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568" - }, - { - "name" : "105829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105829" - }, - { - "name" : "1042136", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105829" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568" + }, + { + "name": "1042136", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042136" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8746.json b/2018/8xxx/CVE-2018-8746.json index 0c154a2bf78..7fbd1d8b074 100644 --- a/2018/8xxx/CVE-2018-8746.json +++ b/2018/8xxx/CVE-2018-8746.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8746", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8746", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8962.json b/2018/8xxx/CVE-2018-8962.json index 8808df56761..bf061b98280 100644 --- a/2018/8xxx/CVE-2018-8962.json +++ b/2018/8xxx/CVE-2018-8962.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/130", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/130", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/130" + } + ] + } +} \ No newline at end of file