From 2ec49375a55c06ddd14a37d6f41955365c12a313 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:02:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0114.json | 150 ++++++------- 2005/0xxx/CVE-2005-0219.json | 170 +++++++-------- 2005/0xxx/CVE-2005-0585.json | 200 +++++++++--------- 2005/0xxx/CVE-2005-0723.json | 120 +++++------ 2005/3xxx/CVE-2005-3094.json | 180 ++++++++-------- 2005/3xxx/CVE-2005-3481.json | 180 ++++++++-------- 2005/4xxx/CVE-2005-4799.json | 200 +++++++++--------- 2009/0xxx/CVE-2009-0056.json | 170 +++++++-------- 2009/0xxx/CVE-2009-0469.json | 150 ++++++------- 2009/0xxx/CVE-2009-0854.json | 150 ++++++------- 2009/0xxx/CVE-2009-0951.json | 200 +++++++++--------- 2009/3xxx/CVE-2009-3169.json | 150 ++++++------- 2009/3xxx/CVE-2009-3185.json | 130 ++++++------ 2009/3xxx/CVE-2009-3241.json | 230 ++++++++++---------- 2009/3xxx/CVE-2009-3985.json | 360 ++++++++++++++++---------------- 2009/4xxx/CVE-2009-4084.json | 150 ++++++------- 2009/4xxx/CVE-2009-4402.json | 140 ++++++------- 2009/4xxx/CVE-2009-4835.json | 150 ++++++------- 2009/4xxx/CVE-2009-4886.json | 140 ++++++------- 2009/4xxx/CVE-2009-4902.json | 220 ++++++++++---------- 2009/4xxx/CVE-2009-4923.json | 120 +++++------ 2012/2xxx/CVE-2012-2330.json | 170 +++++++-------- 2012/2xxx/CVE-2012-2419.json | 140 ++++++------- 2012/2xxx/CVE-2012-2431.json | 34 +-- 2012/2xxx/CVE-2012-2447.json | 130 ++++++------ 2012/2xxx/CVE-2012-2479.json | 34 +-- 2015/0xxx/CVE-2015-0021.json | 140 ++++++------- 2015/0xxx/CVE-2015-0791.json | 34 +-- 2015/1xxx/CVE-2015-1013.json | 130 ++++++------ 2015/1xxx/CVE-2015-1066.json | 140 ++++++------- 2015/1xxx/CVE-2015-1344.json | 140 ++++++------- 2015/1xxx/CVE-2015-1911.json | 130 ++++++------ 2015/1xxx/CVE-2015-1944.json | 150 ++++++------- 2015/5xxx/CVE-2015-5151.json | 130 ++++++------ 2015/5xxx/CVE-2015-5531.json | 180 ++++++++-------- 2018/11xxx/CVE-2018-11138.json | 130 ++++++------ 2018/11xxx/CVE-2018-11539.json | 34 +-- 2018/11xxx/CVE-2018-11733.json | 34 +-- 2018/3xxx/CVE-2018-3139.json | 370 ++++++++++++++++----------------- 2018/3xxx/CVE-2018-3463.json | 34 +-- 2018/3xxx/CVE-2018-3538.json | 34 +-- 2018/3xxx/CVE-2018-3860.json | 122 +++++------ 2018/3xxx/CVE-2018-3865.json | 122 +++++------ 2018/6xxx/CVE-2018-6536.json | 120 +++++------ 2018/7xxx/CVE-2018-7266.json | 34 +-- 2018/7xxx/CVE-2018-7380.json | 34 +-- 2018/7xxx/CVE-2018-7526.json | 120 +++++------ 2018/7xxx/CVE-2018-7993.json | 120 +++++------ 2018/8xxx/CVE-2018-8255.json | 34 +-- 2018/8xxx/CVE-2018-8459.json | 166 +++++++-------- 2018/8xxx/CVE-2018-8811.json | 130 ++++++------ 2018/8xxx/CVE-2018-8934.json | 150 ++++++------- 52 files changed, 3565 insertions(+), 3565 deletions(-) diff --git a/2005/0xxx/CVE-2005-0114.json b/2005/0xxx/CVE-2005-0114.json index d6134df3c08..9cdb6c5906d 100644 --- a/2005/0xxx/CVE-2005-0114.json +++ b/2005/0xxx/CVE-2005-0114.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050211 ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=199&type=vulnerabilities" - }, - { - "name" : "http://download.zonelabs.com/bin/free/securityAlert/19.html", - "refsource" : "CONFIRM", - "url" : "http://download.zonelabs.com/bin/free/securityAlert/19.html" - }, - { - "name" : "12531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12531" - }, - { - "name" : "14256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.zonelabs.com/bin/free/securityAlert/19.html", + "refsource": "CONFIRM", + "url": "http://download.zonelabs.com/bin/free/securityAlert/19.html" + }, + { + "name": "14256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14256" + }, + { + "name": "12531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12531" + }, + { + "name": "20050211 ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=199&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0219.json b/2005/0xxx/CVE-2005-0219.json index a2a1bb3a968..0fbaf84acf4 100644 --- a/2005/0xxx/CVE-2005-0219.json +++ b/2005/0xxx/CVE-2005-0219.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110608459222364&w=2" - }, - { - "name" : "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html" - }, - { - "name" : "http://theinsider.deep-ice.com/texts/advisory69.txt", - "refsource" : "MISC", - "url" : "http://theinsider.deep-ice.com/texts/advisory69.txt" - }, - { - "name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147" - }, - { - "name" : "gallery-multiple-xss(18938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18938" - }, - { - "name" : "gallery-multiple-scripts-xss(43473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110608459222364&w=2" + }, + { + "name": "gallery-multiple-scripts-xss(43473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43473" + }, + { + "name": "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html" + }, + { + "name": "http://theinsider.deep-ice.com/texts/advisory69.txt", + "refsource": "MISC", + "url": "http://theinsider.deep-ice.com/texts/advisory69.txt" + }, + { + "name": "gallery-multiple-xss(18938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18938" + }, + { + "name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0585.json b/2005/0xxx/CVE-2005-0585.json index 21d4839eb89..2dbf701859d 100644 --- a/2005/0xxx/CVE-2005-0585.json +++ b/2005/0xxx/CVE-2005-0585.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2004-15/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2004-15/advisory/" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-23.html" - }, - { - "name" : "GLSA-200503-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" - }, - { - "name" : "GLSA-200503-30", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" - }, - { - "name" : "RHSA-2005:176", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "oval:org.mitre.oval:def:100035", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035" - }, - { - "name" : "oval:org.mitre.oval:def:9924", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924" - }, - { - "name" : "13599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:100035", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100035" + }, + { + "name": "http://secunia.com/secunia_research/2004-15/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2004-15/advisory/" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-23.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-23.html" + }, + { + "name": "RHSA-2005:176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "GLSA-200503-30", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" + }, + { + "name": "GLSA-200503-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" + }, + { + "name": "13599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13599" + }, + { + "name": "oval:org.mitre.oval:def:9924", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9924" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0723.json b/2005/0xxx/CVE-2005-0723.json index 8e36a6f19ad..bf86bfb6eb1 100644 --- a/2005/0xxx/CVE-2005-0723.json +++ b/2005/0xxx/CVE-2005-0723.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050308 Multiple vulnerabilities in paFileDB", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111031801802851&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050308 Multiple vulnerabilities in paFileDB", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111031801802851&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3094.json b/2005/3xxx/CVE-2005-3094.json index 946153256b1..f6d871738e5 100644 --- a/2005/3xxx/CVE-2005-3094.json +++ b/2005/3xxx/CVE-2005-3094.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cirt.net/advisories/alkalay.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/alkalay.shtml" - }, - { - "name" : "http://www.alkalay.net/software", - "refsource" : "MISC", - "url" : "http://www.alkalay.net/software" - }, - { - "name" : "14893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14893" - }, - { - "name" : "ADV-2005-1809", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1809" - }, - { - "name" : "19519", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19519" - }, - { - "name" : "16887", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16887" - }, - { - "name" : "mancgi-topic-command-injection(22351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16887", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16887" + }, + { + "name": "http://www.cirt.net/advisories/alkalay.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/alkalay.shtml" + }, + { + "name": "http://www.alkalay.net/software", + "refsource": "MISC", + "url": "http://www.alkalay.net/software" + }, + { + "name": "14893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14893" + }, + { + "name": "mancgi-topic-command-injection(22351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22351" + }, + { + "name": "ADV-2005-1809", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1809" + }, + { + "name": "19519", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19519" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3481.json b/2005/3xxx/CVE-2005-3481.json index 225ed19e9e9..b073ec21685 100644 --- a/2005/3xxx/CVE-2005-3481.json +++ b/2005/3xxx/CVE-2005-3481.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051102 IOS Heap-based Overflow Vulnerability in System Timers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml" - }, - { - "name" : "VU#562945", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/562945" - }, - { - "name" : "15275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15275" - }, - { - "name" : "oval:org.mitre.oval:def:4914", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4914" - }, - { - "name" : "ADV-2005-2282", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2282" - }, - { - "name" : "1015139", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015139" - }, - { - "name" : "17413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#562945", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/562945" + }, + { + "name": "17413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17413" + }, + { + "name": "oval:org.mitre.oval:def:4914", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4914" + }, + { + "name": "ADV-2005-2282", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2282" + }, + { + "name": "15275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15275" + }, + { + "name": "1015139", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015139" + }, + { + "name": "20051102 IOS Heap-based Overflow Vulnerability in System Timers", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4799.json b/2005/4xxx/CVE-2005-4799.json index 3b53da6b732..3b194ee634f 100644 --- a/2005/4xxx/CVE-2005-4799.json +++ b/2005/4xxx/CVE-2005-4799.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an \"image-related comment\" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051013 Yapig: XSS / Code Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html" - }, - { - "name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt", - "refsource" : "MISC", - "url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt" - }, - { - "name" : "15092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15092" - }, - { - "name" : "15095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15095" - }, - { - "name" : "19958", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19958" - }, - { - "name" : "19959", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19959" - }, - { - "name" : "17041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17041" - }, - { - "name" : "yapig-viewphp-xss(22752)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22752" - }, - { - "name" : "yapig-website-xss(22750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an \"image-related comment\" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15095" + }, + { + "name": "yapig-website-xss(22750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22750" + }, + { + "name": "15092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15092" + }, + { + "name": "19958", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19958" + }, + { + "name": "20051013 Yapig: XSS / Code Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html" + }, + { + "name": "19959", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19959" + }, + { + "name": "yapig-viewphp-xss(22752)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22752" + }, + { + "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt", + "refsource": "MISC", + "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt" + }, + { + "name": "17041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17041" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0056.json b/2009/0xxx/CVE-2009-0056.json index 21f170318cb..bc216912d7f 100644 --- a/2009/0xxx/CVE-2009-0056.json +++ b/2009/0xxx/CVE-2009-0056.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml" - }, - { - "name" : "33268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33268" - }, - { - "name" : "ADV-2009-0140", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0140" - }, - { - "name" : "51398", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51398" - }, - { - "name" : "1021594", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021594" - }, - { - "name" : "33479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33268" + }, + { + "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml" + }, + { + "name": "51398", + "refsource": "OSVDB", + "url": "http://osvdb.org/51398" + }, + { + "name": "ADV-2009-0140", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0140" + }, + { + "name": "33479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33479" + }, + { + "name": "1021594", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021594" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0469.json b/2009/0xxx/CVE-2009-0469.json index 2dae3c31e4e..a01d2c92144 100644 --- a/2009/0xxx/CVE-2009-0469.json +++ b/2009/0xxx/CVE-2009-0469.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.futomi.com/library/info/2009/20090123.html", - "refsource" : "CONFIRM", - "url" : "http://www.futomi.com/library/info/2009/20090123.html" - }, - { - "name" : "JVN#80771386", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN80771386/index.html" - }, - { - "name" : "JVNDB-2009-000008", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000008.html" - }, - { - "name" : "33409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#80771386", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN80771386/index.html" + }, + { + "name": "JVNDB-2009-000008", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000008.html" + }, + { + "name": "33409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33409" + }, + { + "name": "http://www.futomi.com/library/info/2009/20090123.html", + "refsource": "CONFIRM", + "url": "http://www.futomi.com/library/info/2009/20090123.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0854.json b/2009/0xxx/CVE-2009-0854.json index d8ddb99f9a9..4c61768a766 100644 --- a/2009/0xxx/CVE-2009-0854.json +++ b/2009/0xxx/CVE-2009-0854.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2009-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-732-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-732-1" - }, - { - "name" : "34092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34092" - }, - { - "name" : "34205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34205" - }, - { - "name" : "dash-profile-code-execution(49216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34092" + }, + { + "name": "USN-732-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-732-1" + }, + { + "name": "dash-profile-code-execution(49216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49216" + }, + { + "name": "34205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34205" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0951.json b/2009/0xxx/CVE-2009-0951.json index fdb43dece33..1115b1e64a2 100644 --- a/2009/0xxx/CVE-2009-0951.json +++ b/2009/0xxx/CVE-2009-0951.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3591", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3591" - }, - { - "name" : "APPLE-SA-2009-06-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html" - }, - { - "name" : "35161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35161" - }, - { - "name" : "54878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54878" - }, - { - "name" : "oval:org.mitre.oval:def:16098", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16098" - }, - { - "name" : "1022314", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022314" - }, - { - "name" : "35091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35091" - }, - { - "name" : "ADV-2009-1469", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1469" - }, - { - "name" : "quicktime-flc-bo(50887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quicktime-flc-bo(50887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50887" + }, + { + "name": "35091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35091" + }, + { + "name": "http://support.apple.com/kb/HT3591", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3591" + }, + { + "name": "1022314", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022314" + }, + { + "name": "ADV-2009-1469", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1469" + }, + { + "name": "oval:org.mitre.oval:def:16098", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16098" + }, + { + "name": "35161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35161" + }, + { + "name": "APPLE-SA-2009-06-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html" + }, + { + "name": "54878", + "refsource": "OSVDB", + "url": "http://osvdb.org/54878" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3169.json b/2009/3xxx/CVE-2009-3169.json index b4a562238df..f949233094a 100644 --- a/2009/3xxx/CVE-2009-3169.json +++ b/2009/3xxx/CVE-2009-3169.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html" - }, - { - "name" : "36307", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36307" - }, - { - "name" : "36645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36645" - }, - { - "name" : "ADV-2009-2575", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2575", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2575" + }, + { + "name": "36645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36645" + }, + { + "name": "36307", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36307" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3185.json b/2009/3xxx/CVE-2009-3185.json index f8a6599ff9b..5823d3fe0f8 100644 --- a/2009/3xxx/CVE-2009-3185.json +++ b/2009/3xxx/CVE-2009-3185.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9529", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9529" - }, - { - "name" : "ADV-2009-2432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2432" + }, + { + "name": "9529", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9529" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3241.json b/2009/3xxx/CVE-2009-3241.json index e068270ec55..510bec96b14 100644 --- a/2009/3xxx/CVE-2009-3241.json +++ b/2009/3xxx/CVE-2009-3241.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-05.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-06.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html" - }, - { - "name" : "DSA-1942", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1942" - }, - { - "name" : "SUSE-SR:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" - }, - { - "name" : "36408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36408" - }, - { - "name" : "oval:org.mitre.oval:def:6162", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6162" - }, - { - "name" : "36754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36754" - }, - { - "name" : "37409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37409" - }, - { - "name" : "37477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36408" + }, + { + "name": "37477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37477" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-05.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-05.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-06.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-06.html" + }, + { + "name": "36754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36754" + }, + { + "name": "oval:org.mitre.oval:def:6162", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6162" + }, + { + "name": "37409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37409" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3986" + }, + { + "name": "SUSE-SR:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" + }, + { + "name": "DSA-1942", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1942" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3985.json b/2009/3xxx/CVE-2009-3985.json index 40a78989537..b8459f2adeb 100644 --- a/2009/3xxx/CVE-2009-3985.json +++ b/2009/3xxx/CVE-2009-3985.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-69.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-69.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=514232", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=514232" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546726", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546726" - }, - { - "name" : "DSA-1956", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1956" - }, - { - "name" : "FEDORA-2009-13333", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html" - }, - { - "name" : "FEDORA-2009-13362", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html" - }, - { - "name" : "FEDORA-2009-13366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html" - }, - { - "name" : "RHSA-2009:1674", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1674.html" - }, - { - "name" : "SUSE-SA:2009:063", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" - }, - { - "name" : "USN-873-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-873-1" - }, - { - "name" : "USN-874-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-874-1" - }, - { - "name" : "37349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37349" - }, - { - "name" : "37370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37370" - }, - { - "name" : "oval:org.mitre.oval:def:8480", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480" - }, - { - "name" : "oval:org.mitre.oval:def:9911", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911" - }, - { - "name" : "1023342", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023342" - }, - { - "name" : "1023343", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023343" - }, - { - "name" : "37699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37699" - }, - { - "name" : "37704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37704" - }, - { - "name" : "37785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37785" - }, - { - "name" : "37813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37813" - }, - { - "name" : "37856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37856" - }, - { - "name" : "37881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37881" - }, - { - "name" : "ADV-2009-3547", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3547" - }, - { - "name" : "firefox-documentlocation-spoofing(54808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023343", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023343" + }, + { + "name": "37704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37704" + }, + { + "name": "37699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37699" + }, + { + "name": "oval:org.mitre.oval:def:8480", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480" + }, + { + "name": "1023342", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023342" + }, + { + "name": "firefox-documentlocation-spoofing(54808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54808" + }, + { + "name": "ADV-2009-3547", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3547" + }, + { + "name": "37881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37881" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=514232", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=514232" + }, + { + "name": "FEDORA-2009-13362", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html" + }, + { + "name": "37785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37785" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546726", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546726" + }, + { + "name": "USN-874-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-874-1" + }, + { + "name": "37813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37813" + }, + { + "name": "FEDORA-2009-13333", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html" + }, + { + "name": "USN-873-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-873-1" + }, + { + "name": "37349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37349" + }, + { + "name": "RHSA-2009:1674", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1674.html" + }, + { + "name": "FEDORA-2009-13366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html" + }, + { + "name": "DSA-1956", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1956" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-69.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-69.html" + }, + { + "name": "37856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37856" + }, + { + "name": "37370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37370" + }, + { + "name": "oval:org.mitre.oval:def:9911", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911" + }, + { + "name": "SUSE-SA:2009:063", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4084.json b/2009/4xxx/CVE-2009-4084.json index 94fafc1775b..84107bfb2f5 100644 --- a/2009/4xxx/CVE-2009-4084.json +++ b/2009/4xxx/CVE-2009-4084.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508007/100/0/threaded" - }, - { - "name" : "http://blog.bkis.com/e107-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://blog.bkis.com/e107-multiple-vulnerabilities/" - }, - { - "name" : "37087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37087" - }, - { - "name" : "e107-search-sql-injection(54373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" + }, + { + "name": "http://blog.bkis.com/e107-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" + }, + { + "name": "37087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37087" + }, + { + "name": "e107-search-sql-injection(54373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54373" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4402.json b/2009/4xxx/CVE-2009-4402.json index 558777162b3..bccbdfc7e64 100644 --- a/2009/4xxx/CVE-2009-4402.json +++ b/2009/4xxx/CVE-2009-4402.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091221 SQL-Ledger â?? several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508559/100/0/threaded" - }, - { - "name" : "37431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37431" - }, - { - "name" : "37877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091221 SQL-Ledger â?? several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded" + }, + { + "name": "37877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37877" + }, + { + "name": "37431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37431" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4835.json b/2009/4xxx/CVE-2009-4835.json index ae918df530c..d66f03efd6c 100644 --- a/2009/4xxx/CVE-2009-4835.json +++ b/2009/4xxx/CVE-2009-4835.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831" - }, - { - "name" : "35126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35126" - }, - { - "name" : "35266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35266" - }, - { - "name" : "ADV-2009-1446", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1446", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1446" + }, + { + "name": "35126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35126" + }, + { + "name": "35266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35266" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4886.json b/2009/4xxx/CVE-2009-4886.json index ca6782e3f46..b8c83ac0d18 100644 --- a/2009/4xxx/CVE-2009-4886.json +++ b/2009/4xxx/CVE-2009-4886.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090307 phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501588/100/0/threaded" - }, - { - "name" : "8185", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8185" - }, - { - "name" : "phpcommunity-showfile-directory-traversal(49152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcommunity-showfile-directory-traversal(49152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49152" + }, + { + "name": "20090307 phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501588/100/0/threaded" + }, + { + "name": "8185", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8185" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4902.json b/2009/4xxx/CVE-2009-4902.json index d66527409eb..6e465afb7e7 100644 --- a/2009/4xxx/CVE-2009-4902.json +++ b/2009/4xxx/CVE-2009-4902.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334", - "refsource" : "CONFIRM", - "url" : "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=596426", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=596426" - }, - { - "name" : "DSA-2059", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2059" - }, - { - "name" : "FEDORA-2010-10014", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html" - }, - { - "name" : "FEDORA-2010-9995", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html" - }, - { - "name" : "FEDORA-2010-10764", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html" - }, - { - "name" : "40758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40758" - }, - { - "name" : "40140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40140" - }, - { - "name" : "40239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40239" - }, - { - "name" : "ADV-2010-1427", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1427" - }, - { - "name" : "ADV-2010-1508", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40758" + }, + { + "name": "DSA-2059", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2059" + }, + { + "name": "40239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40239" + }, + { + "name": "FEDORA-2010-10764", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044124.html" + }, + { + "name": "40140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40140" + }, + { + "name": "ADV-2010-1427", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1427" + }, + { + "name": "FEDORA-2010-9995", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html" + }, + { + "name": "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334", + "refsource": "CONFIRM", + "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4334" + }, + { + "name": "ADV-2010-1508", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1508" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596426", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" + }, + { + "name": "FEDORA-2010-10014", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4923.json b/2009/4xxx/CVE-2009-4923.json index c06d8a4ea39..e327fb29d26 100644 --- a/2009/4xxx/CVE-2009-4923.json +++ b/2009/4xxx/CVE-2009-4923.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the DTLS implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (traceback) via TLS fragments, aka Bug ID CSCso53162." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2330.json b/2012/2xxx/CVE-2012-2330.json index 89c550e5295..0d8afc82fd2 100644 --- a/2012/2xxx/CVE-2012-2330.json +++ b/2012/2xxx/CVE-2012-2330.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120508 CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/08/4" - }, - { - "name" : "[oss-security] 20120508 Re: CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/08/8" - }, - { - "name" : "http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/", - "refsource" : "CONFIRM", - "url" : "http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/" - }, - { - "name" : "https://github.com/joyent/node/commit/7b3fb22", - "refsource" : "CONFIRM", - "url" : "https://github.com/joyent/node/commit/7b3fb22" - }, - { - "name" : "https://github.com/joyent/node/commit/c9a231d", - "refsource" : "CONFIRM", - "url" : "https://github.com/joyent/node/commit/c9a231d" - }, - { - "name" : "49066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/joyent/node/commit/c9a231d", + "refsource": "CONFIRM", + "url": "https://github.com/joyent/node/commit/c9a231d" + }, + { + "name": "http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/", + "refsource": "CONFIRM", + "url": "http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/" + }, + { + "name": "49066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49066" + }, + { + "name": "https://github.com/joyent/node/commit/7b3fb22", + "refsource": "CONFIRM", + "url": "https://github.com/joyent/node/commit/7b3fb22" + }, + { + "name": "[oss-security] 20120508 CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/08/4" + }, + { + "name": "[oss-security] 20120508 Re: CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/08/8" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2419.json b/2012/2xxx/CVE-2012-2419.json index 56ae6fcb353..f8d4bd5d20c 100644 --- a/2012/2xxx/CVE-2012-2419.json +++ b/2012/2xxx/CVE-2012-2419.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory consumption) via a URI with multiple references to the same name-value pair." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522138" - }, - { - "name" : "VU#232979", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/232979" - }, - { - "name" : "quickbooks-intuit-dos(75171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory consumption) via a URI with multiple references to the same name-value pair." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickbooks-intuit-dos(75171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75171" + }, + { + "name": "20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522138" + }, + { + "name": "VU#232979", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/232979" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2431.json b/2012/2xxx/CVE-2012-2431.json index b8bab78ceca..1869b43d985 100644 --- a/2012/2xxx/CVE-2012-2431.json +++ b/2012/2xxx/CVE-2012-2431.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2431", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2431", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2447.json b/2012/2xxx/CVE-2012-2447.json index 396d2c6e5a6..196e6ec103a 100644 --- a/2012/2xxx/CVE-2012-2447.json +++ b/2012/2xxx/CVE-2012-2447.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html", - "refsource" : "MISC", - "url" : "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html" - }, - { - "name" : "VU#763795", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/763795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html", + "refsource": "MISC", + "url": "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html" + }, + { + "name": "VU#763795", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/763795" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2479.json b/2012/2xxx/CVE-2012-2479.json index 4f3eae28a9e..d095ab7f352 100644 --- a/2012/2xxx/CVE-2012-2479.json +++ b/2012/2xxx/CVE-2012-2479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0021.json b/2015/0xxx/CVE-2015-0021.json index 6fb24038859..cfa907e2f80 100644 --- a/2015/0xxx/CVE-2015-0021.json +++ b/2015/0xxx/CVE-2015-0021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-0021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" - }, - { - "name" : "72436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72436" - }, - { - "name" : "1031723", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72436" + }, + { + "name": "1031723", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031723" + }, + { + "name": "MS15-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0791.json b/2015/0xxx/CVE-2015-0791.json index 2b6d8074348..afb19fe2e3d 100644 --- a/2015/0xxx/CVE-2015-0791.json +++ b/2015/0xxx/CVE-2015-0791.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0791", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-0791", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1013.json b/2015/1xxx/CVE-2015-1013.json index ad8f4d172fc..168a9aea7f0 100644 --- a/2015/1xxx/CVE-2015-1013.json +++ b/2015/1xxx/CVE-2015-1013.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2015-1013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-132-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-132-01" - }, - { - "name" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00280", - "refsource" : "CONFIRM", - "url" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00280", + "refsource": "CONFIRM", + "url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00280" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-132-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-132-01" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1066.json b/2015/1xxx/CVE-2015-1066.json index f8fabca311c..1cb2cff3d49 100644 --- a/2015/1xxx/CVE-2015-1066.json +++ b/2015/1xxx/CVE-2015-1066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204413", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204413" - }, - { - "name" : "APPLE-SA-2015-03-09-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html" - }, - { - "name" : "1031869", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-03-09-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html" + }, + { + "name": "https://support.apple.com/HT204413", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204413" + }, + { + "name": "1031869", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031869" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1344.json b/2015/1xxx/CVE-2015-1344.json index a5cf522a848..53579db733b 100644 --- a/2015/1xxx/CVE-2015-1344.json +++ b/2015/1xxx/CVE-2015-1344.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854" - }, - { - "name" : "https://github.com/lxc/lxcfs/commit/8ee2a503e102b1a43ec4d83113dc275ab20a869a", - "refsource" : "CONFIRM", - "url" : "https://github.com/lxc/lxcfs/commit/8ee2a503e102b1a43ec4d83113dc275ab20a869a" - }, - { - "name" : "USN-2813-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2813-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854" + }, + { + "name": "USN-2813-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2813-1" + }, + { + "name": "https://github.com/lxc/lxcfs/commit/8ee2a503e102b1a43ec4d83113dc275ab20a869a", + "refsource": "CONFIRM", + "url": "https://github.com/lxc/lxcfs/commit/8ee2a503e102b1a43ec4d83113dc275ab20a869a" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1911.json b/2015/1xxx/CVE-2015-1911.json index 7a707715c6b..da1b7209634 100644 --- a/2015/1xxx/CVE-2015-1911.json +++ b/2015/1xxx/CVE-2015-1911.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700864", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700864" - }, - { - "name" : "74224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700864", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700864" + }, + { + "name": "74224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74224" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1944.json b/2015/1xxx/CVE-2015-1944.json index 049a9397c39..59dadb40acc 100644 --- a/2015/1xxx/CVE-2015-1944.json +++ b/2015/1xxx/CVE-2015-1944.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21958024", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21958024" - }, - { - "name" : "PI40341", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341" - }, - { - "name" : "75478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75478" - }, - { - "name" : "1032970", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032970", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032970" + }, + { + "name": "75478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75478" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024" + }, + { + "name": "PI40341", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5151.json b/2015/5xxx/CVE-2015-5151.json index 6ded2c6c9db..431f927e4e5 100644 --- a/2015/5xxx/CVE-2015-5151.json +++ b/2015/5xxx/CVE-2015-5151.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/132366/WordPress-Revslider-4.2.2-XSS-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132366/WordPress-Revslider-4.2.2-XSS-Information-Disclosure.html" - }, - { - "name" : "75303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132366/WordPress-Revslider-4.2.2-XSS-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132366/WordPress-Revslider-4.2.2-XSS-Information-Disclosure.html" + }, + { + "name": "75303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75303" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5531.json b/2015/5xxx/CVE-2015-5531.json index 33ad8642242..2ec27b6097d 100644 --- a/2015/5xxx/CVE-2015-5531.json +++ b/2015/5xxx/CVE-2015-5531.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150716 Elasticsearch CVE-2015-5531", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536017/100/0/threaded" - }, - { - "name" : "38383", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38383/" - }, - { - "name" : "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html" - }, - { - "name" : "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html" - }, - { - "name" : "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html" - }, - { - "name" : "https://www.elastic.co/community/security/", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security/" - }, - { - "name" : "75935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150716 Elasticsearch CVE-2015-5531", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536017/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html" + }, + { + "name": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html" + }, + { + "name": "75935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75935" + }, + { + "name": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html" + }, + { + "name": "https://www.elastic.co/community/security/", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security/" + }, + { + "name": "38383", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38383/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11138.json b/2018/11xxx/CVE-2018-11138.json index e9d0cd77101..51247356c27 100644 --- a/2018/11xxx/CVE-2018-11138.json +++ b/2018/11xxx/CVE-2018-11138.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44950", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44950/" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44950", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44950/" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11539.json b/2018/11xxx/CVE-2018-11539.json index ff42ef044db..295624ef954 100644 --- a/2018/11xxx/CVE-2018-11539.json +++ b/2018/11xxx/CVE-2018-11539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11733.json b/2018/11xxx/CVE-2018-11733.json index 7765af57154..caedf95f8e0 100644 --- a/2018/11xxx/CVE-2018-11733.json +++ b/2018/11xxx/CVE-2018-11733.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11733", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11733", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3139.json b/2018/3xxx/CVE-2018-3139.json index df756146473..d71ab3ebf43 100644 --- a/2018/3xxx/CVE-2018-3139.json +++ b/2018/3xxx/CVE-2018-3139.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u201, 7u191, 8u181, 11" - }, - { - "version_affected" : "=", - "version_value" : "Java SE Embedded: 8u181" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u201, 7u191, 8u181, 11" + }, + { + "version_affected": "=", + "version_value": "Java SE Embedded: 8u181" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0001/" - }, - { - "name" : "DSA-4326", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4326" - }, - { - "name" : "RHSA-2018:2942", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2942" - }, - { - "name" : "RHSA-2018:2943", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2943" - }, - { - "name" : "RHSA-2018:3000", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3000" - }, - { - "name" : "RHSA-2018:3001", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3001" - }, - { - "name" : "RHSA-2018:3002", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3002" - }, - { - "name" : "RHSA-2018:3003", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3003" - }, - { - "name" : "RHSA-2018:3007", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3007" - }, - { - "name" : "RHSA-2018:3008", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3008" - }, - { - "name" : "RHSA-2018:3350", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3350" - }, - { - "name" : "RHSA-2018:3409", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3409" - }, - { - "name" : "RHSA-2018:3521", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3521" - }, - { - "name" : "RHSA-2018:3533", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3533" - }, - { - "name" : "RHSA-2018:3534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3534" - }, - { - "name" : "RHSA-2018:3671", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3671" - }, - { - "name" : "RHSA-2018:3672", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3672" - }, - { - "name" : "RHSA-2018:3779", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3779" - }, - { - "name" : "RHSA-2018:3852", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3852" - }, - { - "name" : "USN-3804-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3804-1/" - }, - { - "name" : "USN-3824-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3824-1/" - }, - { - "name" : "105602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105602" - }, - { - "name" : "1041889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html" + }, + { + "name": "RHSA-2018:3007", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3007" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" + }, + { + "name": "RHSA-2018:2942", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2942" + }, + { + "name": "RHSA-2018:3779", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3779" + }, + { + "name": "RHSA-2018:3534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3534" + }, + { + "name": "RHSA-2018:3350", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3350" + }, + { + "name": "105602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105602" + }, + { + "name": "RHSA-2018:3003", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3003" + }, + { + "name": "USN-3804-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3804-1/" + }, + { + "name": "RHSA-2018:3002", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3002" + }, + { + "name": "RHSA-2018:3671", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3671" + }, + { + "name": "RHSA-2018:3852", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3852" + }, + { + "name": "DSA-4326", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4326" + }, + { + "name": "USN-3824-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3824-1/" + }, + { + "name": "RHSA-2018:2943", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2943" + }, + { + "name": "RHSA-2018:3008", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3008" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "RHSA-2018:3533", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3533" + }, + { + "name": "RHSA-2018:3409", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3409" + }, + { + "name": "RHSA-2018:3001", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3001" + }, + { + "name": "RHSA-2018:3000", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3000" + }, + { + "name": "1041889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041889" + }, + { + "name": "RHSA-2018:3672", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3672" + }, + { + "name": "RHSA-2018:3521", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3521" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3463.json b/2018/3xxx/CVE-2018-3463.json index e77515cf900..cc80a7c8bee 100644 --- a/2018/3xxx/CVE-2018-3463.json +++ b/2018/3xxx/CVE-2018-3463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3538.json b/2018/3xxx/CVE-2018-3538.json index ae243627971..66f9a04faee 100644 --- a/2018/3xxx/CVE-2018-3538.json +++ b/2018/3xxx/CVE-2018-3538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3538", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3538", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3860.json b/2018/3xxx/CVE-2018-3860.json index 1a212f4bdf8..4ba0656d9e5 100644 --- a/2018/3xxx/CVE-2018-3860.json +++ b/2018/3xxx/CVE-2018-3860.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-19T00:00:00", - "ID" : "CVE-2018-3860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Canvas Draw", - "version" : { - "version_data" : [ - { - "version_value" : "ACD Systems Canvas Draw 4.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "ACD Systems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787: Out-of-Bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-19T00:00:00", + "ID": "CVE-2018-3860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Canvas Draw", + "version": { + "version_data": [ + { + "version_value": "ACD Systems Canvas Draw 4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "ACD Systems" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0544", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-Bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0544", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0544" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3865.json b/2018/3xxx/CVE-2018-3865.json index a6a1516053c..f51edfb8532 100644 --- a/2018/3xxx/CVE-2018-3865.json +++ b/2018/3xxx/CVE-2018-3865.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartThings Hub STH-ETH-250", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long \"cameraIp\" value in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Classic Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartThings Hub STH-ETH-250", + "version": { + "version_data": [ + { + "version_value": "Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long \"cameraIp\" value in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Classic Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6536.json b/2018/6xxx/CVE-2018-6536.json index 0d0e62cf89c..07fabfc7387 100644 --- a/2018/6xxx/CVE-2018-6536.json +++ b/2018/6xxx/CVE-2018-6536.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a \"kill `cat /pathname/icinga2.pid`\" command, as demonstrated by icinga2.init.d.cmake." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Icinga/icinga2/issues/5991", - "refsource" : "MISC", - "url" : "https://github.com/Icinga/icinga2/issues/5991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a \"kill `cat /pathname/icinga2.pid`\" command, as demonstrated by icinga2.init.d.cmake." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Icinga/icinga2/issues/5991", + "refsource": "MISC", + "url": "https://github.com/Icinga/icinga2/issues/5991" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7266.json b/2018/7xxx/CVE-2018-7266.json index 5ad471df75a..8edafb77583 100644 --- a/2018/7xxx/CVE-2018-7266.json +++ b/2018/7xxx/CVE-2018-7266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7266", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7266", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7380.json b/2018/7xxx/CVE-2018-7380.json index dae5f48d8b9..b6c27bd18e4 100644 --- a/2018/7xxx/CVE-2018-7380.json +++ b/2018/7xxx/CVE-2018-7380.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7380", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7380", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7526.json b/2018/7xxx/CVE-2018-7526.json index bc26f829432..2ac45016ae0 100644 --- a/2018/7xxx/CVE-2018-7526.json +++ b/2018/7xxx/CVE-2018-7526.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-7526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-7526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7993.json b/2018/7xxx/CVE-2018-7993.json index 6103a7b0bd4..a818dfcc5bb 100644 --- a/2018/7xxx/CVE-2018-7993.json +++ b/2018/7xxx/CVE-2018-7993.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HUAWEI Mate 10", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than ALP-AL00 8.1.0.311" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use after free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HUAWEI Mate 10", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than ALP-AL00 8.1.0.311" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8255.json b/2018/8xxx/CVE-2018-8255.json index 844561e3593..2f766a0f931 100644 --- a/2018/8xxx/CVE-2018-8255.json +++ b/2018/8xxx/CVE-2018-8255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8459.json b/2018/8xxx/CVE-2018-8459.json index 90d23acd85e..56fae0f3f8a 100644 --- a/2018/8xxx/CVE-2018-8459.json +++ b/2018/8xxx/CVE-2018-8459.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8459", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8459" - }, - { - "name" : "105230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105230" - }, - { - "name" : "1041623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105230" + }, + { + "name": "1041623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041623" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8459", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8459" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8811.json b/2018/8xxx/CVE-2018-8811.json index 0d348541e7b..a53d0ae26de 100644 --- a/2018/8xxx/CVE-2018-8811.json +++ b/2018/8xxx/CVE-2018-8811.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44391", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44391/" - }, - { - "name" : "https://github.com/alkacon/opencms-core/issues/586", - "refsource" : "MISC", - "url" : "https://github.com/alkacon/opencms-core/issues/586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/alkacon/opencms-core/issues/586", + "refsource": "MISC", + "url": "https://github.com/alkacon/opencms-core/issues/586" + }, + { + "name": "44391", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44391/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8934.json b/2018/8xxx/CVE-2018-8934.json index a2855ddf99b..6ff95f9133a 100644 --- a/2018/8xxx/CVE-2018-8934.json +++ b/2018/8xxx/CVE-2018-8934.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://amdflaws.com/", - "refsource" : "MISC", - "url" : "https://amdflaws.com/" - }, - { - "name" : "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/", - "refsource" : "MISC", - "url" : "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/" - }, - { - "name" : "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research", - "refsource" : "MISC", - "url" : "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research" - }, - { - "name" : "https://safefirmware.com/amdflaws_whitepaper.pdf", - "refsource" : "MISC", - "url" : "https://safefirmware.com/amdflaws_whitepaper.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://amdflaws.com/", + "refsource": "MISC", + "url": "https://amdflaws.com/" + }, + { + "name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/", + "refsource": "MISC", + "url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/" + }, + { + "name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research", + "refsource": "MISC", + "url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research" + }, + { + "name": "https://safefirmware.com/amdflaws_whitepaper.pdf", + "refsource": "MISC", + "url": "https://safefirmware.com/amdflaws_whitepaper.pdf" + } + ] + } +} \ No newline at end of file