diff --git a/2002/0xxx/CVE-2002-0196.json b/2002/0xxx/CVE-2002-0196.json
index 55e62b1272e..15c7020eb6c 100644
--- a/2002/0xxx/CVE-2002-0196.json
+++ b/2002/0xxx/CVE-2002-0196.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/251699" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=144966", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=144966" - }, - { - "name" : "3924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3924" - }, - { - "name" : "cwpapi-getrelativepath-view-files(7981)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7981.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3924" + }, + { + "name": "cwpapi-getrelativepath-view-files(7981)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7981.php" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=144966", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=144966" + }, + { + "name": "20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/251699" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0789.json b/2002/0xxx/CVE-2002-0789.json index a6f9aa0dcf0..9e2e14b5eef 100644 --- a/2002/0xxx/CVE-2002-0789.json +++ b/2002/0xxx/CVE-2002-0789.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020511 Bug in mnogosearch-3.1.19", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html" - }, - { - "name" : "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz" - }, - { - "name" : "http://www.mnogosearch.org/history.html#log31", - "refsource" : "MISC", - "url" : "http://www.mnogosearch.org/history.html#log31" - }, - { - "name" : "4724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4724" - }, - { - "name" : "mnogosearch-search-cgi-bo(9060)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9060.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4724" + }, + { + "name": "mnogosearch-search-cgi-bo(9060)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9060.php" + }, + { + "name": "http://www.mnogosearch.org/history.html#log31", + "refsource": "MISC", + "url": "http://www.mnogosearch.org/history.html#log31" + }, + { + "name": "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz", + "refsource": "CONFIRM", + "url": "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz" + }, + { + "name": "20020511 Bug in mnogosearch-3.1.19", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0825.json b/2002/0xxx/CVE-2002-0825.json index 5b9e9bd07e6..72a59e0fd75 100644 --- a/2002/0xxx/CVE-2002-0825.json +++ b/2002/0xxx/CVE-2002-0825.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.padl.com/Articles/PotentialBufferOverflowin.html", - "refsource" : "CONFIRM", - "url" : "http://www.padl.com/Articles/PotentialBufferOverflowin.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.padl.com/Articles/PotentialBufferOverflowin.html", + "refsource": "CONFIRM", + "url": "http://www.padl.com/Articles/PotentialBufferOverflowin.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2256.json b/2002/2xxx/CVE-2002-2256.json index 077777ff429..87ff31099da 100644 --- a/2002/2xxx/CVE-2002-2256.json +++ b/2002/2xxx/CVE-2002-2256.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021127 pWins Perl Web Server Directory Transversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0347.html" - }, - { - "name" : "6271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6271" - }, - { - "name" : "pwins-dotdot-directory-traversal(10724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021127 pWins Perl Web Server Directory Transversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0347.html" + }, + { + "name": "pwins-dotdot-directory-traversal(10724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10724" + }, + { + "name": "6271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6271" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2259.json b/2002/2xxx/CVE-2002-2259.json index 31b77ce8483..0b10704e238 100644 --- a/2002/2xxx/CVE-2002-2259.json +++ b/2002/2xxx/CVE-2002-2259.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SuSE-SA:2002:047", - "refsource" : "SUSE", - "url" : "http://www.suse.com/de/security/2002_047_openldap2.html" - }, - { - "name" : "6329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6329" - }, - { - "name" : "gnuplot-french-documentation-bo(10801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gnuplot-french-documentation-bo(10801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801" + }, + { + "name": "6329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6329" + }, + { + "name": "SuSE-SA:2002:047", + "refsource": "SUSE", + "url": "http://www.suse.com/de/security/2002_047_openldap2.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0478.json b/2005/0xxx/CVE-2005-0478.json index 6dcd4ed75d1..9411b398b2c 100644 --- a/2005/0xxx/CVE-2005-0478.json +++ b/2005/0xxx/CVE-2005-0478.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050218 Multiple vulnerabilities in TrackerCam 5.12", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390918" - }, - { - "name" : "12592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12592" - }, - { - "name" : "trackercam-php-bo(19411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19411" - }, - { - "name" : "trackercam-useragent-bo(19409)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "trackercam-useragent-bo(19409)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19409" + }, + { + "name": "20050218 Multiple vulnerabilities in TrackerCam 5.12", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390918" + }, + { + "name": "trackercam-php-bo(19411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19411" + }, + { + "name": "12592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12592" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0783.json b/2005/0xxx/CVE-2005-0783.json index 69a6e005764..675e622b2de 100644 --- a/2005/0xxx/CVE-2005-0783.json +++ b/2005/0xxx/CVE-2005-0783.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050313 3 XSS Vulnerabilities in Phorum <= 5.0.14", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111083279031544&w=2" - }, - { - "name" : "12800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12800" - }, - { - "name" : "14554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12800" + }, + { + "name": "14554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14554" + }, + { + "name": "20050313 3 XSS Vulnerabilities in Phorum <= 5.0.14", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111083279031544&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1082.json b/2005/1xxx/CVE-2005-1082.json index 2e818caab19..6c2744b5e4f 100644 --- a/2005/1xxx/CVE-2005-1082.json +++ b/2005/1xxx/CVE-2005-1082.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050409 AzDGDatingPlatinum multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/395530" - }, - { - "name" : "20060628 AzDGDatingPlatinum<<--v1.1.0 \"view.php\" SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438607/100/100/threaded" - }, - { - "name" : "13082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13082" - }, - { - "name" : "15525", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15525" - }, - { - "name" : "azdgdating-platinum-sql-injection(20051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20051" - }, - { - "name" : 
"azdgdatingplatinum-view-sql-injection(27436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050409 AzDGDatingPlatinum multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/395530" + }, + { + "name": "20060628 AzDGDatingPlatinum<<--v1.1.0 \"view.php\" SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438607/100/100/threaded" + }, + { + "name": "13082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13082" + }, + { + "name": "azdgdating-platinum-sql-injection(20051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20051" + }, + { + "name": "15525", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15525" + }, + { + "name": "azdgdatingplatinum-view-sql-injection(27436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27436" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1131.json b/2005/1xxx/CVE-2005-1131.json index 8e9d7f257c6..27e5d371935 100644 --- a/2005/1xxx/CVE-2005-1131.json +++ b/2005/1xxx/CVE-2005-1131.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but \"critical\" impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040413 Patch available for critical Veritas i3 Server vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0008.html" - }, - { - "name" : "http://seer.support.veritas.com/docs/276119.htm", - "refsource" : "MISC", - "url" : "http://seer.support.veritas.com/docs/276119.htm" - }, - { - "name" : "13142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13142" - }, - { - "name" : "15498", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15498" - }, - { - "name" : "1013694", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013694" - }, - { - "name" : "14934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14934" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but \"critical\" impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14934" + }, + { + "name": "15498", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15498" + }, + { + "name": "20040413 Patch available for critical Veritas i3 Server vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0008.html" + }, + { + "name": "1013694", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013694" + }, + { + "name": "http://seer.support.veritas.com/docs/276119.htm", + "refsource": "MISC", + "url": "http://seer.support.veritas.com/docs/276119.htm" + }, + { + "name": "13142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13142" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1488.json b/2005/1xxx/CVE-2005-1488.json index 6541476cb52..a5dfa64e6e3 100644 --- a/2005/1xxx/CVE-2005-1488.json +++ b/2005/1xxx/CVE-2005-1488.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050504 Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111530933016434&w=2" - }, - { - "name" : "merak-icewarp-script-xss(20467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) 
vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050504 Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111530933016434&w=2" + }, + { + "name": "merak-icewarp-script-xss(20467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20467" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1496.json b/2005/1xxx/CVE-2005-1496.json index 1326d2399cd..0ffa8d02694 100644 --- a/2005/1xxx/CVE-2005-1496.json +++ b/2005/1xxx/CVE-2005-1496.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050505 Oracle 10g DBMS_SCHEDULER SESSION_USER issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111531740305049&w=2" - }, - { - "name" : "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html" - }, - { - "name" : "13509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13509" - }, - { - "name" : "oracle10g-gain-privileges(20410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html" + }, + { + "name": "20050505 Oracle 10g DBMS_SCHEDULER SESSION_USER issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111531740305049&w=2" + }, + { + "name": "13509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13509" + }, + { + "name": "oracle10g-gain-privileges(20410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20410" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1663.json b/2005/1xxx/CVE-2005-1663.json index d37803d4b6d..fef41bed914 100644 --- a/2005/1xxx/CVE-2005-1663.json +++ b/2005/1xxx/CVE-2005-1663.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with \"://\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html" - }, - { - "name" : "12183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12183" - }, - { - "name" : "12719", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12719" - }, - { - "name" : "13732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13732" - }, - { - "name" : "1012791", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012791" - }, - { - "name" : "jeuce-url-dos(18791)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with \"://\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html" + }, + { + "name": "12719", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12719" + }, + { + "name": "12183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12183" + }, + { + "name": "jeuce-url-dos(18791)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18791" + }, + { + "name": "13732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13732" + }, + { + "name": "1012791", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012791" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0550.json b/2009/0xxx/CVE-2009-0550.json index b04ecb5be60..5ed92445667 100644 --- a/2009/0xxx/CVE-2009-0550.json +++ b/2009/0xxx/CVE-2009-0550.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx" - }, - { - "name" : 
"http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138" - }, - { - "name" : "MS09-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" - }, - { - "name" : "MS09-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" - }, - { - "name" : "TA09-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" - }, - { - "name" : "34439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34439" - }, - { - "name" : "53619", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53619" - }, - { - "name" : "oval:org.mitre.oval:def:5320", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320" - }, - { - "name" : "oval:org.mitre.oval:def:6233", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233" - }, - { - "name" : "oval:org.mitre.oval:def:7569", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569" - }, - { - "name" : "1022041", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022041" - }, - { - "name" : "34677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34677" - }, - { - "name" : "34678", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34678" - }, - { - "name" : "ADV-2009-1027", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1027" - }, - { - "name" : "ADV-2009-1028", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1028", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1028" + }, + { + "name": "53619", + "refsource": "OSVDB", + "url": "http://osvdb.org/53619" + }, + { + "name": "34677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34677" + }, + { + "name": "TA09-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" + }, + { + "name": "1022041", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022041" + }, + { + "name": "34678", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34678" + }, + { + "name": "oval:org.mitre.oval:def:6233", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233" + }, + { + "name": "oval:org.mitre.oval:def:7569", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569" + }, + { + "name": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138" + }, + { + "name": "34439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34439" + }, + { + "name": "MS09-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" + }, + { + "name": "oval:org.mitre.oval:def:5320", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320" + }, + { + "name": "ADV-2009-1027", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1027" + }, + { + "name": "MS09-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0673.json b/2009/0xxx/CVE-2009-0673.json index 525a493f559..c1371b6fbac 100644 --- a/2009/0xxx/CVE-2009-0673.json +++ b/2009/0xxx/CVE-2009-0673.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500988/100/0/threaded" - }, - { - "name" : "8068", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8068" - }, - { - "name" : "http://www.waraxe.us/advisory-72.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-72.html" - }, - { - "name" : "http://ravenphpscripts.com/postt17156.html", - "refsource" : "CONFIRM", - "url" : "http://ravenphpscripts.com/postt17156.html" - }, - { - "name" : "33787", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/33787" - }, - { - "name" : "ravennuke-admin-code-execution(48790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33787" + }, + { + "name": "http://ravenphpscripts.com/postt17156.html", + "refsource": "CONFIRM", + "url": "http://ravenphpscripts.com/postt17156.html" + }, + { + "name": "ravennuke-admin-code-execution(48790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48790" + }, + { + "name": "20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500988/100/0/threaded" + }, + { + "name": "8068", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8068" + }, + { + "name": "http://www.waraxe.us/advisory-72.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-72.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0869.json b/2009/0xxx/CVE-2009-0869.json index d7c6bfe61e1..02a6e473169 100644 --- a/2009/0xxx/CVE-2009-0869.json +++ b/2009/0xxx/CVE-2009-0869.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21329223", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21329223" - }, - { - "name" : "IC59481", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59481" - }, - { - "name" : "34034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34034" - }, - { - "name" : "1021820", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021820" - }, - { - "name" : "34189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34189" - }, - { - "name" : "ADV-2009-0638", 
- "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021820", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021820" + }, + { + "name": "34189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34189" + }, + { + "name": "IC59481", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59481" + }, + { + "name": "ADV-2009-0638", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0638" + }, + { + "name": "34034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34034" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21329223", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21329223" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1006.json b/2009/1xxx/CVE-2009-1006.json index 08b58e10397..c5d66cc6830 100644 --- a/2009/1xxx/CVE-2009-1006.json +++ b/2009/1xxx/CVE-2009-1006.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "1022059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022059" + }, + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1667.json b/2009/1xxx/CVE-2009-1667.json index 281977d08fb..f4b71a49af5 100644 --- a/2009/1xxx/CVE-2009-1667.json +++ b/2009/1xxx/CVE-2009-1667.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8660", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8660" - }, - { - "name" : "8661", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8661" - }, - { - "name" : "8662", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8661", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8661" + }, + { + "name": "8660", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8660" + }, + { + "name": "8662", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8662" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1784.json b/2009/1xxx/CVE-2009-1784.json index dd8831166d6..b5521605b3e 100644 --- a/2009/1xxx/CVE-2009-1784.json +++ b/2009/1xxx/CVE-2009-1784.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090509 [TZO-20-2009] AVG ZIP evasion / bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503392/100/0/threaded" - }, - { - "name" : "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html", - "refsource" : "MISC", - "url" : "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html" - }, - { - "name" : "34895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34895" - }, - { - "name" : "avg-zip-security-bypass(50426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50426" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition f\u00fcr Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html", + "refsource": "MISC", + "url": "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html" + }, + { + "name": "avg-zip-security-bypass(50426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50426" + }, + { + "name": "20090509 [TZO-20-2009] AVG ZIP evasion / bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503392/100/0/threaded" + }, + { + "name": "34895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34895" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1834.json b/2009/1xxx/CVE-2009-1834.json index b9f0ceede33..02cb08e5f76 100644 --- a/2009/1xxx/CVE-2009-1834.json +++ b/2009/1xxx/CVE-2009-1834.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \\u115A through \\u115E characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479413", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479413" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503573", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503573" - }, - { - "name" : "DSA-1820", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2009/dsa-1820" - }, - { - "name" : "FEDORA-2009-6366", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" - }, - { - "name" : "FEDORA-2009-6411", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" - }, - { - "name" : "RHSA-2009:1095", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html" - }, - { - "name" : "SSA:2009-167-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" - }, - { - "name" : "264308", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" - }, - { - "name" : "35326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35326" - }, - { - "name" : "35388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35388" - }, - { - "name" : "55162", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55162" - }, - { - "name" : "oval:org.mitre.oval:def:10436", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436" - }, - { - "name" : "35331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35331" - }, - { - "name" : "35431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35431" - }, - { - "name" : "35439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35439" - }, - { - "name" : "35468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35468" - }, - { - "name" : "35415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35415" - }, - { - "name" : "ADV-2009-1572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \\u115A through \\u115E characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1572" + }, + { + "name": "35388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35388" + }, + { + "name": "oval:org.mitre.oval:def:10436", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436" + }, + { + "name": "35326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35326" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html" + }, + { + "name": "FEDORA-2009-6411", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" + }, + { + "name": "35431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35431" + }, + { + "name": "35331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35331" + }, + { + "name": "35468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35468" + }, + { + "name": "35439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35439" + }, + { + "name": "FEDORA-2009-6366", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" + }, + { + 
"name": "35415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35415" + }, + { + "name": "RHSA-2009:1095", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html" + }, + { + "name": "SSA:2009-167-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" + }, + { + "name": "55162", + "refsource": "OSVDB", + "url": "http://osvdb.org/55162" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=479413", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=479413" + }, + { + "name": "DSA-1820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1820" + }, + { + "name": "264308", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=503573", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2311.json b/2012/2xxx/CVE-2012-2311.json index 87fb818664b..786d2b818d9 100644 --- a/2012/2xxx/CVE-2012-2311.json +++ b/2012/2xxx/CVE-2012-2311.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/", - "refsource" : "MISC", - "url" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.4.3", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.4.3" - }, - { - "name" : "http://www.php.net/archive/2012.php#id2012-05-08-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2012.php#id2012-05-08-1" - }, - { - "name" : "https://bugs.php.net/bug.php?id=61910", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=61910" - }, - { - "name" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1" - }, - { - "name" : "http://support.apple.com/kb/HT5501", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5501" - }, - { - "name" : "APPLE-SA-2012-09-19-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" - }, - { - "name" : "DSA-2465", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2465" - }, - { - "name" : "HPSBUX02791", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134012830914727&w=2" - }, - { - "name" : "SSRT100856", - 
"refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134012830914727&w=2" - }, - { - "name" : "HPSBMU02900", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SSRT100992", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "openSUSE-SU-2012:0590", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html" - }, - { - "name" : "SUSE-SU-2012:0598", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html" - }, - { - "name" : "SUSE-SU-2012:0604", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html" - }, - { - "name" : "VU#520827", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/520827" - }, - { - "name" : "1027022", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027022" - }, - { - "name" : "49014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49014" - }, - { - "name" : "49085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100856", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2" + }, + { + "name": "SUSE-SU-2012:0604", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html" + }, + { + "name": "1027022", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027022" + }, + { + "name": "openSUSE-SU-2012:0590", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html" + }, + { + "name": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1" + }, + { + "name": "49014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49014" + }, + { + "name": "SUSE-SU-2012:0598", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html" + }, + { + "name": "https://bugs.php.net/bug.php?id=61910", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=61910" + }, + { + "name": "http://www.php.net/archive/2012.php#id2012-05-08-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2012.php#id2012-05-08-1" + }, + { + "name": "APPLE-SA-2012-09-19-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT5501", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5501" + }, + { + "name": "SSRT100992", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": 
"http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/", + "refsource": "MISC", + "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/" + }, + { + "name": "VU#520827", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/520827" + }, + { + "name": "HPSBUX02791", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2" + }, + { + "name": "DSA-2465", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2465" + }, + { + "name": "49085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49085" + }, + { + "name": "HPSBMU02900", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.4.3", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.4.3" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3083.json b/2012/3xxx/CVE-2012-3083.json index 7f12a3a953b..839ed5f226e 100644 --- a/2012/3xxx/CVE-2012-3083.json +++ b/2012/3xxx/CVE-2012-3083.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3083", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3083", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3639.json b/2012/3xxx/CVE-2012-3639.json index ce62e58b66f..275e0395b88 100644 --- a/2012/3xxx/CVE-2012-3639.json +++ b/2012/3xxx/CVE-2012-3639.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3659.json b/2012/3xxx/CVE-2012-3659.json index cdc25d74613..9bb3f262e48 100644 --- a/2012/3xxx/CVE-2012-3659.json +++ b/2012/3xxx/CVE-2012-3659.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "oval:org.mitre.oval:def:17562", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17562" - }, - { - "name" : "apple-itunes-webkit-cve20123659(78515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "apple-itunes-webkit-cve20123659(78515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78515" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:17562", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4120.json b/2012/4xxx/CVE-2012-4120.json index 486b85a8a88..9a2c17bb48e 100644 --- a/2012/4xxx/CVE-2012-4120.json +++ b/2012/4xxx/CVE-2012-4120.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4120", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4120", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4173.json b/2012/4xxx/CVE-2012-4173.json index 69c92c34cee..4c0d80a9dd5 100644 --- a/2012/4xxx/CVE-2012-4173.json +++ b/2012/4xxx/CVE-2012-4173.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-4173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html" - }, - { - "name" : "VU#872545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/872545" - }, - { - "name" : "86538", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86538" - }, - { - "name" : "adobe-cve20124173-bo(79545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in 
Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-cve20124173-bo(79545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79545" + }, + { + "name": "VU#872545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/872545" + }, + { + "name": "86538", + "refsource": "OSVDB", + "url": "http://osvdb.org/86538" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-23.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-23.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4540.json b/2012/4xxx/CVE-2012-4540.json index 3e867a36bc4..9e6e942d0ee 100644 --- a/2012/4xxx/CVE-2012-4540.json +++ b/2012/4xxx/CVE-2012-4540.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html" - }, - { - "name" : "[oss-security] 20121107 IcedTea-Web CVE-2012-4540", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/07/5" - }, - { - "name" : "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=869040", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=869040" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1007960", - "refsource" : 
"CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1007960" - }, - { - "name" : "DSA-2768", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2768" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "MDVSA-2012:171", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171" - }, - { - "name" : "RHSA-2012:1434", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1434.html" - }, - { - "name" : "openSUSE-SU-2012:1524", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html" - }, - { - "name" : "openSUSE-SU-2013:0174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html" - }, - { - "name" : "openSUSE-SU-2013:1509", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html" - }, - { - "name" : "openSUSE-SU-2013:1511", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html" - }, - { - "name" : "openSUSE-SU-2015:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html" - }, - { - "name" : "USN-1625-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1625-1" - }, - { - "name" : "56434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56434" - }, - { - "name" : "62426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62426" - }, - { - "name" : "1027738", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027738" - }, - { - "name" : "51206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51206" - }, - { - "name" : "51220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51220" - }, - { - "name" : "51374", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51374" - }, - { - "name" : "icedtea-applet-bo(79894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS" + }, + { + "name": "DSA-2768", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2768" + }, + { + "name": "openSUSE-SU-2015:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f" + }, + { + "name": "56434", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/56434" + }, + { + "name": "RHSA-2012:1434", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html" + }, + { + "name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html" + }, + { + "name": "51220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51220" + }, + { + "name": "openSUSE-SU-2013:1511", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html" + }, + { + "name": "icedtea-applet-bo(79894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894" + }, + { + "name": "51374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51374" + }, + { + "name": "1027738", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027738" + }, + { + "name": "USN-1625-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1625-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=869040", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040" + }, + { + "name": "openSUSE-SU-2013:1509", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html" + }, + { + "name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html" + }, + { + "name": "51206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51206" + }, + { + "name": "openSUSE-SU-2012:1524", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html" + }, + { + "name": "62426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62426" + }, + { + "name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540", 
+ "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/07/5" + }, + { + "name": "MDVSA-2012:171", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe" + }, + { + "name": "openSUSE-SU-2013:0174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4916.json b/2012/4xxx/CVE-2012-4916.json index 4a4bb47f450..ce33346a231 100644 --- a/2012/4xxx/CVE-2012-4916.json +++ b/2012/4xxx/CVE-2012-4916.json 
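Review bot: The `reference_data` array is re-emitted in a different order with no sort key that I can see: the old side was grouped by `refsource` (MLIST, MISC, CONFIRM, the vendor advisories, BID, SECTRACK, SECUNIA, XF) and the new side interleaves them. All 25 entries appear to be present on both sides, but it takes a manual count to confirm that, which makes a dropped or altered advisory link easy to miss in review. Emitting the array sorted on a stable key, for example `refsource` then `name`, would keep later diffs down to real changes. The hunks for CVE-2012-4173, CVE-2012-6626, CVE-2017-2666, CVE-2017-2967, CVE-2017-6834 and CVE-2018-11439 reorder their references the same way.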
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4916", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4916", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6006.json b/2012/6xxx/CVE-2012-6006.json index 8c23de0aa79..56a080867c0 100644 --- a/2012/6xxx/CVE-2012-6006.json +++ b/2012/6xxx/CVE-2012-6006.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6419.json b/2012/6xxx/CVE-2012-6419.json index 53af7bb2234..66ea1354ae7 100644 --- a/2012/6xxx/CVE-2012-6419.json +++ b/2012/6xxx/CVE-2012-6419.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6419", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6419", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6626.json b/2012/6xxx/CVE-2012-6626.json index 3d2c6662ad3..0124e058363 100644 --- a/2012/6xxx/CVE-2012-6626.json +++ b/2012/6xxx/CVE-2012-6626.json 
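Review bot: This record is written with a different top-level key order from the other files visible in this change: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, where the other hunks keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but a normalising pass that produces two layouts suggests two serialisers are in play, and it will keep producing ordering-only diffs. The new side also ends with `\ No newline at end of file`, as do the other files here; I would write each file with one fixed key order and a trailing newline.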
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120511 b2ePMS 1.0 Authentication Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0065.html" - }, - { - "name" : "18882", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18882" - }, - { - "name" : "53505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53505" - }, - { - "name" : "b2epms-verifyuser-authentication-bypass(75569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75569" - }, - { - "name" : "b2epms-verifyuser-sql-injection(75568)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53505" + }, + { + "name": "b2epms-verifyuser-sql-injection(75568)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75568" + }, + { + "name": "18882", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18882" + }, + { + "name": "b2epms-verifyuser-authentication-bypass(75569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75569" + }, + { + "name": "20120511 b2ePMS 1.0 Authentication Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0065.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2291.json b/2017/2xxx/CVE-2017-2291.json index cdd3113b8dd..0c9b9fee5d2 100644 --- a/2017/2xxx/CVE-2017-2291.json +++ b/2017/2xxx/CVE-2017-2291.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2666.json b/2017/2xxx/CVE-2017-2666.json index e9cbe872bb1..29d8c2a1f37 100644 --- a/2017/2xxx/CVE-2017-2666.json +++ b/2017/2xxx/CVE-2017-2666.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-2666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "undertow", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-444" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "undertow", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666" - }, - { - "name" : "DSA-3906", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3906" - }, - { - "name" : 
"RHSA-2017:1409", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-1409.html" - }, - { - "name" : "RHSA-2017:1410", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1410" - }, - { - "name" : "RHSA-2017:1411", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1411" - }, - { - "name" : "RHSA-2017:1412", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1412" - }, - { - "name" : "RHSA-2017:3454", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3454" - }, - { - "name" : "RHSA-2017:3455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3455" - }, - { - "name" : "RHSA-2017:3456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3456" - }, - { - "name" : "RHSA-2017:3458", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3458" - }, - { - "name" : "98966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1411", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1411" + }, + { + "name": "RHSA-2017:1409", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666" + }, + { + "name": "DSA-3906", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3906" + }, + { + "name": "RHSA-2017:3458", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3458" + }, + { + "name": "RHSA-2017:1410", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1410" + }, + { + "name": "RHSA-2017:1412", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1412" + }, + { + "name": "RHSA-2017:3455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3455" + }, + { + "name": "RHSA-2017:3456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3456" + }, + { + "name": "98966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98966" + }, + { + "name": "RHSA-2017:3454", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3454" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2967.json b/2017/2xxx/CVE-2017-2967.json index d44b8741924..4cd1a78c105 100644 --- a/2017/2xxx/CVE-2017-2967.json +++ b/2017/2xxx/CVE-2017-2967.json 
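Review bot: The `vectorString` under `impact.cvss` is carried over as `6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N`, which puts the base score in front of the vector; a CVSS v3.0 vector string starts with `CVSS:3.0/`, so a consumer that parses or validates this field will reject it or misread the severity. I would store `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"` and carry the score in its own field, `"baseScore": 6.5`. The `cvss` value is also an array nested inside an array, which looks unintended and is worth checking against what consumers of this record expect.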
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-031", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-031" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95345" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-031", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-031" + }, + { + "name": "95345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95345" + }, + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + } + ] + } +} \ No newline at end of file 
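Review bot: `product_name` and `version_value` both hold the same sentence, `Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.`, while `vendor_name` is `n/a`, so nothing in `affects` can be matched by a tool that compares vendor, product and version against an inventory. The reformat leaves this as it was. I would set `"vendor_name": "Adobe"` and `"product_name": "Acrobat Reader"`, and give each of the three affected branches its own `version_data` entry rather than one free-text string.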
diff --git a/2017/6xxx/CVE-2017-6234.json b/2017/6xxx/CVE-2017-6234.json index 0734feb2ed0..79ab187f30d 100644 --- a/2017/6xxx/CVE-2017-6234.json +++ b/2017/6xxx/CVE-2017-6234.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6234", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6234", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6834.json b/2017/6xxx/CVE-2017-6834.json index 92e1868a245..5e7e7d658fa 100644 --- a/2017/6xxx/CVE-2017-6834.json +++ b/2017/6xxx/CVE-2017-6834.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/13/6" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/" - }, - { - "name" : "https://github.com/mpruett/audiofile/issues/38", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/38" - }, - { - "name" : "https://github.com/mpruett/audiofile/pull/42", - "refsource" : "MISC", - "url" : 
"https://github.com/mpruett/audiofile/pull/42" - }, - { - "name" : "DSA-3814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mpruett/audiofile/pull/42", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/pull/42" + }, + { + "name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/13/6" + }, + { + "name": "https://github.com/mpruett/audiofile/issues/38", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/38" + }, + { + "name": "DSA-3814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3814" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11439.json b/2018/11xxx/CVE-2018-11439.json index 10f94d4efc8..abca965f089 100644 --- a/2018/11xxx/CVE-2018-11439.json +++ b/2018/11xxx/CVE-2018-11439.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180528 taglib 1.11.1 vuln", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/49" - }, - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1430-1] taglib security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00022.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1430-1] taglib security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00022.html" + }, + { + "name": "20180528 taglib 1.11.1 vuln", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/49" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11662.json b/2018/11xxx/CVE-2018-11662.json index 19947b933c4..d788c3b3c38 100644 --- a/2018/11xxx/CVE-2018-11662.json +++ b/2018/11xxx/CVE-2018-11662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11662", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11662", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11772.json b/2018/11xxx/CVE-2018-11772.json index c8413985e1a..c9ccdb0118f 100644 --- a/2018/11xxx/CVE-2018-11772.json +++ b/2018/11xxx/CVE-2018-11772.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11772", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11772", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11909.json b/2018/11xxx/CVE-2018-11909.json index a0474107647..c3c16776b59 100644 --- a/2018/11xxx/CVE-2018-11909.json +++ b/2018/11xxx/CVE-2018-11909.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14092.json b/2018/14xxx/CVE-2018-14092.json index f6aa0dfc3d2..fefd3f8ca91 100644 --- a/2018/14xxx/CVE-2018-14092.json +++ b/2018/14xxx/CVE-2018-14092.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14092", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14092", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14125.json b/2018/14xxx/CVE-2018-14125.json index dd87b4de01d..57eddbe88a7 100644 --- a/2018/14xxx/CVE-2018-14125.json +++ b/2018/14xxx/CVE-2018-14125.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14820.json b/2018/14xxx/CVE-2018-14820.json index c52be65ef1a..2397f02f2ff 100644 --- a/2018/14xxx/CVE-2018-14820.json +++ b/2018/14xxx/CVE-2018-14820.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-23T00:00:00", - "ID" : "CVE-2018-14820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "WebAccess Versions 8.3.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-23T00:00:00", + "ID": "CVE-2018-14820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "WebAccess Versions 8.3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," - }, - { - "name" : "105728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105728" - }, - { - "name" : "1041939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041939" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," + }, + { + "name": "105728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105728" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14880.json b/2018/14xxx/CVE-2018-14880.json index f1d4091c19a..d4a020f98f7 100644 --- a/2018/14xxx/CVE-2018-14880.json +++ b/2018/14xxx/CVE-2018-14880.json 
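Review bot: The ICS-CERT entry in `reference_data` of CVE-2018-14820.json still has a trailing comma inside both strings, `"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"`, so the re-serialised record keeps what looks like a malformed link. Tools that fetch, deduplicate or correlate advisories by reference URL would treat it as a different, probably unresolvable address. Since this hunk already rewrites the entry, I would drop the comma from `name` and `url`, giving `"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01"`. The removed side has the same value, so this is a carried-over data error and not something this commit introduced.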
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15238.json b/2018/15xxx/CVE-2018-15238.json index 3a140729349..fdde517bdb1 100644 --- a/2018/15xxx/CVE-2018-15238.json +++ b/2018/15xxx/CVE-2018-15238.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15319.json b/2018/15xxx/CVE-2018-15319.json index 0656bab094c..20feefaf256 100644 --- a/2018/15xxx/CVE-2018-15319.json +++ b/2018/15xxx/CVE-2018-15319.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2018-15319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", - "version" : { - "version_data" : [ - { - "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2018-15319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", + "version": { + "version_data": [ + { + "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K64208870", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K64208870" - }, - { - "name" : "107052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107052" + }, + { + "name": "https://support.f5.com/csp/article/K64208870", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K64208870" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15573.json b/2018/15xxx/CVE-2018-15573.json index 2a8e05708e0..27ef916f182 100644 --- a/2018/15xxx/CVE-2018-15573.json +++ b/2018/15xxx/CVE-2018-15573.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated \"We do not consider this a vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/", - "refsource" : "MISC", - "url" : "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in Reprise License Manager 
(RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated \"We do not consider this a vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/", + "refsource": "MISC", + "url": "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15794.json b/2018/15xxx/CVE-2018-15794.json index 150b7ae386e..06e4a8ead06 100644 --- a/2018/15xxx/CVE-2018-15794.json +++ b/2018/15xxx/CVE-2018-15794.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15794", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15794", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/15xxx/CVE-2018-15870.json b/2018/15xxx/CVE-2018-15870.json
index 8c1498ba900..6a8f0da89bf 100644
--- a/2018/15xxx/CVE-2018-15870.json
+++ b/2018/15xxx/CVE-2018-15870.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/122", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/122", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/122" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20609.json b/2018/20xxx/CVE-2018-20609.json index 0015b73ac12..39ad8fd4724 100644 --- a/2018/20xxx/CVE-2018-20609.json +++ b/2018/20xxx/CVE-2018-20609.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8030.json b/2018/8xxx/CVE-2018-8030.json index ba68e497dff..bd366131507 100644 --- a/2018/8xxx/CVE-2018-8030.json +++ b/2018/8xxx/CVE-2018-8030.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-06-18T00:00:00", - "ID" : "CVE-2018-8030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Qpid Broker-J", - "version" : { - "version_data" : [ - { - "version_value" : "7.0.0, 7.0.1, 7.0.2, 7.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-06-18T00:00:00", + "ID": "CVE-2018-8030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Qpid Broker-J", + "version": { + "version_data": [ + { + "version_value": "7.0.0, 7.0.1, 7.0.2, 7.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E" - }, - { - "name" : "1041138", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1041138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041138" + }, + { + "name": "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E" + } + ] + } +} \ No newline at end of file
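Review bot: `version_value` in CVE-2018-8030.json lists `7.0.0, 7.0.1, 7.0.2, 7.0.3`, while the `description` in the same record says versions 7.0.0-7.0.4 are affected, and the commit re-emits both unchanged. A consumer that matches inventory against `affects` instead of the free text would miss 7.0.4 if the description is the correct one. The page does not show which range is right, so check it against the Apache advisory in the MLIST reference before editing either string. Separately, a comma-separated list packed into one `version_value` is harder to consume than one `version_data` element per version.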