From 395a21aaa7a29b7df271237407a1d57ffc0701a8 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 21:39:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0163.json | 190 +++++----- 2002/0xxx/CVE-2002-0324.json | 150 ++++---- 2002/0xxx/CVE-2002-0432.json | 150 ++++---- 2002/2xxx/CVE-2002-2247.json | 140 ++++---- 2002/2xxx/CVE-2002-2422.json | 160 ++++----- 2005/0xxx/CVE-2005-0141.json | 190 +++++----- 2005/0xxx/CVE-2005-0371.json | 120 +++---- 2005/0xxx/CVE-2005-0555.json | 210 +++++------ 2005/0xxx/CVE-2005-0764.json | 130 +++---- 2005/0xxx/CVE-2005-0863.json | 150 ++++---- 2005/0xxx/CVE-2005-0919.json | 180 +++++----- 2005/1xxx/CVE-2005-1318.json | 140 ++++---- 2005/1xxx/CVE-2005-1611.json | 160 ++++----- 2005/1xxx/CVE-2005-1856.json | 120 +++---- 2005/4xxx/CVE-2005-4369.json | 160 ++++----- 2009/0xxx/CVE-2009-0204.json | 180 +++++----- 2009/0xxx/CVE-2009-0270.json | 180 +++++----- 2009/0xxx/CVE-2009-0586.json | 260 +++++++------- 2009/0xxx/CVE-2009-0846.json | 630 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1446.json | 160 ++++----- 2009/1xxx/CVE-2009-1934.json | 200 +++++------ 2009/1xxx/CVE-2009-1948.json | 160 ++++----- 2009/4xxx/CVE-2009-4996.json | 150 ++++---- 2012/2xxx/CVE-2012-2319.json | 200 +++++------ 2012/2xxx/CVE-2012-2512.json | 160 ++++----- 2012/2xxx/CVE-2012-2890.json | 170 ++++----- 2012/2xxx/CVE-2012-2960.json | 140 ++++---- 2012/3xxx/CVE-2012-3430.json | 290 +++++++-------- 2012/3xxx/CVE-2012-3548.json | 180 +++++----- 2012/3xxx/CVE-2012-3859.json | 120 +++---- 2012/4xxx/CVE-2012-4037.json | 190 +++++----- 2012/4xxx/CVE-2012-4811.json | 34 +- 2012/6xxx/CVE-2012-6091.json | 34 +- 2015/5xxx/CVE-2015-5076.json | 160 ++++----- 2015/5xxx/CVE-2015-5415.json | 34 +- 2017/2xxx/CVE-2017-2001.json | 34 +- 2017/2xxx/CVE-2017-2041.json | 34 +- 2017/2xxx/CVE-2017-2370.json | 190 +++++----- 2017/2xxx/CVE-2017-2500.json | 130 +++---- 2017/2xxx/CVE-2017-2661.json | 132 +++---- 2018/11xxx/CVE-2018-11447.json | 122 +++---- 2018/11xxx/CVE-2018-11486.json | 120 +++---- 
2018/11xxx/CVE-2018-11544.json | 120 +++---- 2018/14xxx/CVE-2018-14302.json | 130 +++---- 2018/14xxx/CVE-2018-14648.json | 170 ++++----- 2018/14xxx/CVE-2018-14860.json | 34 +- 2018/15xxx/CVE-2018-15657.json | 130 +++---- 2018/15xxx/CVE-2018-15766.json | 166 ++++----- 2018/15xxx/CVE-2018-15819.json | 34 +- 2018/8xxx/CVE-2018-8038.json | 152 ++++---- 2018/8xxx/CVE-2018-8169.json | 428 +++++++++++----------- 2018/8xxx/CVE-2018-8699.json | 34 +- 2018/8xxx/CVE-2018-8817.json | 130 +++---- 53 files changed, 4136 insertions(+), 4136 deletions(-) diff --git a/2002/0xxx/CVE-2002-0163.json b/2002/0xxx/CVE-2002-0163.json index 8dc2e7746a0..a31ea1c33aa 100644 --- a/2002/0xxx/CVE-2002-0163.json +++ b/2002/0xxx/CVE-2002-0163.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt" - }, - { - "name" : "FreeBSD-SA-02:19", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc" - }, - { - "name" : "MDKSA-2002:027", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php" - }, - { - "name" : "20020326 updated squid advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101716495023226&w=2" - }, - { - "name" : "CSSA-2002-017.1", - "refsource" : "CALDERA", - "url" : 
"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt" - }, - { - "name" : "RHSA-2002:051", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2002-051.html" - }, - { - "name" : "4363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4363" - }, - { - "name" : "squid-dns-reply-dos(8628)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8628.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:051", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2002-051.html" + }, + { + "name": "MDKSA-2002:027", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php" + }, + { + "name": "CSSA-2002-017.1", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt" + }, + { + "name": "20020326 updated squid advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101716495023226&w=2" + }, + { + "name": "squid-dns-reply-dos(8628)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8628.php" + }, + { + "name": "4363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4363" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt" + }, + { + "name": "FreeBSD-SA-02:19", + 
"refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0324.json b/2002/0xxx/CVE-2002-0324.json index 56c8227d58d..999702262b7 100644 --- a/2002/0xxx/CVE-2002-0324.json +++ b/2002/0xxx/CVE-2002-0324.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a \"Clear And Exit\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020224 Greymatter 1.21c and earlier - remote login/pass exposure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101465343308249&w=2" - }, - { - "name" : "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm", - "refsource" : "MISC", - "url" : "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm" - }, - { - "name" : "greymatter-gmrightclick-account-information(8277)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8277.php" - }, - { - "name" : "4169", - "refsource" 
: "BID", - "url" : "http://www.securityfocus.com/bid/4169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a \"Clear And Exit\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm", + "refsource": "MISC", + "url": "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm" + }, + { + "name": "20020224 Greymatter 1.21c and earlier - remote login/pass exposure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101465343308249&w=2" + }, + { + "name": "4169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4169" + }, + { + "name": "greymatter-gmrightclick-account-information(8277)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8277.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0432.json b/2002/0xxx/CVE-2002-0432.json index 4399b1260ba..093ee6d936d 100644 --- a/2002/0xxx/CVE-2002-0432.json +++ b/2002/0xxx/CVE-2002-0432.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020309 Citadel/UX Server Remote DoS attack Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/260934" - }, - { - "name" : "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz" - }, - { - "name" : "citadel-helo-bo(8426)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8426.php" - }, - { - "name" : "4263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "citadel-helo-bo(8426)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8426.php" + }, + { + "name": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz", + "refsource": "CONFIRM", + "url": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz" + }, + { + "name": "20020309 Citadel/UX Server Remote DoS attack Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/260934" + }, + { + "name": "4263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4263" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2247.json b/2002/2xxx/CVE-2002-2247.json index c8b41fc80a2..a182590a9fe 100644 --- a/2002/2xxx/CVE-2002-2247.json +++ b/2002/2xxx/CVE-2002-2247.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021212 Multiple Mambo Site Server sec-weaknesses", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html" - }, - { - "name" : "6376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6376" - }, - { - "name" : "mambo-phpinfo-disclose-path(10853)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web 
root path via phpinfo.php, which calls the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mambo-phpinfo-disclose-path(10853)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853" + }, + { + "name": "20021212 Multiple Mambo Site Server sec-weaknesses", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html" + }, + { + "name": "6376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6376" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2422.json b/2002/2xxx/CVE-2002-2422.json index be60daab4f7..173ad6c1d5e 100644 --- a/2002/2xxx/CVE-2002-2422.json +++ b/2002/2xxx/CVE-2002-2422.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021001 XSS bug in Compaq Insight Manager Http server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/293715" - }, - { - "name" : "20021001 Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294020" - }, - { - "name" : "20021004 RE: XSS bug in Compaq Insight Manager Http server", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294160" - }, - { - "name" : "5780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5780" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html", - 
"refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html" + }, + { + "name": "20021001 Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294020" + }, + { + "name": "20021004 RE: XSS bug in Compaq Insight Manager Http server", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294160" + }, + { + "name": "5780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5780" + }, + { + "name": "20021001 XSS bug in Compaq Insight Manager Http server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/293715" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0141.json b/2005/0xxx/CVE-2005-0141.json index 1eba0724d8b..cb6e7e63541 100644 --- a/2005/0xxx/CVE-2005-0141.json +++ b/2005/0xxx/CVE-2005-0141.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=249332", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=249332" - }, - { - "name" : "RHSA-2005:323", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-323.html" - }, - { - "name" : "RHSA-2005:335", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-335.html" - }, - { - "name" : "12407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12407" - }, - { - "name" : 
"oval:org.mitre.oval:def:100057", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057" - }, - { - "name" : "oval:org.mitre.oval:def:10756", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756" - }, - { - "name" : "mozilla-firefox-file-upload(19168)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:323", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-323.html" + }, + { + "name": "12407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12407" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=249332", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=249332" + }, + { + "name": "RHSA-2005:335", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-335.html" + }, + { + "name": "mozilla-firefox-file-upload(19168)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168" + }, + { + "name": "oval:org.mitre.oval:def:10756", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-01.html", + "refsource": 
"CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-01.html" + }, + { + "name": "oval:org.mitre.oval:def:100057", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0371.json b/2005/0xxx/CVE-2005-0371.json index fc311126f23..eabc45bba92 100644 --- a/2005/0xxx/CVE-2005-0371.json +++ b/2005/0xxx/CVE-2005-0371.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050210 Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110811699206052&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050210 Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110811699206052&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0555.json b/2005/0xxx/CVE-2005-0555.json index e0ee1234d2b..36d7b947f3e 100644 --- a/2005/0xxx/CVE-2005-0555.json +++ b/2005/0xxx/CVE-2005-0555.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka \"Content Advisor Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-0555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020" - }, - { - "name" : "TA05-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-102A.html" - }, - { - "name" : "VU#222050", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/222050" - }, - { - "name" : "oval:org.mitre.oval:def:2077", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2077" - }, - { - "name" : "oval:org.mitre.oval:def:2786", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2786" - }, - { - "name" : "oval:org.mitre.oval:def:3157", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3157" - }, - { - "name" : "oval:org.mitre.oval:def:3926", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3926" - }, - { - "name" : "oval:org.mitre.oval:def:4674", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4674" - }, - { - "name" : "14922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14922/" - }, - { - "name" : "ie-content-advisor-bo(19842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka \"Content Advisor Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:2077", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2077" + }, + { + "name": "oval:org.mitre.oval:def:4674", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4674" + }, + { + "name": "oval:org.mitre.oval:def:3926", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3926" + }, + 
{ + "name": "14922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14922/" + }, + { + "name": "oval:org.mitre.oval:def:3157", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3157" + }, + { + "name": "MS05-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020" + }, + { + "name": "ie-content-advisor-bo(19842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19842" + }, + { + "name": "oval:org.mitre.oval:def:2786", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2786" + }, + { + "name": "TA05-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html" + }, + { + "name": "VU#222050", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/222050" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0764.json b/2005/0xxx/CVE-2005-0764.json index faf0a7fad31..78b29f5965f 100644 --- a/2005/0xxx/CVE-2005-0764.json +++ b/2005/0xxx/CVE-2005-0764.json 
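Review bot: The one semantic change in this hunk, `"ASSIGNER": "secure@microsoft.com"` replacing `"ASSIGNER" : "cve@mitre.org"` in `CVE_data_meta`, is buried in a whole-file re-indentation and is not mentioned in the commit subject. As far as the visible hunks show, every other changed line in this patch is key spacing, indentation or reordering of `reference_data`, so a reader skimming the diff will likely miss that this record is now attributed to a different assigner. Consumers that filter or attribute records by `ASSIGNER` will see the difference, so it deserves its own line in the commit message, for example `CVE-2005-0555: ASSIGNER cve@mitre.org -> secure@microsoft.com`, or a commit separate from the formatting sync. Shuffling `reference_data` in the same pass also makes it hard to confirm by eye that no reference was added or dropped; emitting the array in a stable order (for instance sorted by `refsource`, then `name`) would keep later syncs reviewable.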
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200503-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-23.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=84680", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=84680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200503-23", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-23.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=84680", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=84680" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0863.json b/2005/0xxx/CVE-2005-0863.json index 508a8b77e0c..040653aaca0 100644 --- a/2005/0xxx/CVE-2005-0863.json +++ b/2005/0xxx/CVE-2005-0863.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050317 [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Mar/0331.html" - }, - { - "name" : "12841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12841" - }, - { - "name" : "14651", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14651" - }, - { - "name" : "phpopenchat-regulars-register-xss(19748)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19748" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050317 [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Mar/0331.html" + }, + { + "name": "14651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14651" + }, + { + "name": "12841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12841" + }, + { + "name": "phpopenchat-regulars-register-xss(19748)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19748" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0919.json b/2005/0xxx/CVE-2005-0919.json index 898bd28e287..5bfbb542f0a 100644 --- a/2005/0xxx/CVE-2005-0919.json +++ b/2005/0xxx/CVE-2005-0919.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050329 Adventia Chat", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=111211930330410&w=2" - }, - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt" - }, - { - "name" : "12927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12927" - }, - { - "name" : "12940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12940" - }, - { - "name" : "15156", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15156" - }, - { - "name" : "1013588", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1013588" - }, - { - "name" : "adventia-chat-field-xss(21317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12927" + }, + { + "name": "12940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12940" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt" + }, + { + "name": "1013588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013588" + }, + { + "name": "adventia-chat-field-xss(21317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21317" + }, + { + "name": "20050329 Adventia Chat", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=111211930330410&w=2" + }, + { + "name": "15156", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15156" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1318.json b/2005/1xxx/CVE-2005-1318.json index 3eb119bf842..b794421c6be 100644 --- a/2005/1xxx/CVE-2005-1318.json +++ b/2005/1xxx/CVE-2005-1318.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[sork] 20050422 Forwards 2.2.2 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002145.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h" - }, - { - "name" : "15082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail 
Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h" + }, + { + "name": "[sork] 20050422 Forwards 2.2.2 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002145.html" + }, + { + "name": "15082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15082" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1611.json b/2005/1xxx/CVE-2005-1611.json index ab7ced883fc..8752557ce51 100644 --- a/2005/1xxx/CVE-2005-1611.json +++ b/2005/1xxx/CVE-2005-1611.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an \"@\" followed by the desired script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/16/16070-webcrossing.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/16/16070-webcrossing.txt" - }, - { - "name" : "13482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13482" - }, - { - "name" : "16070", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16070" - }, - { - "name" : "15218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15218" - }, - { - "name" : "web-crossing-webx-xss(20381)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an \"@\" followed by the desired script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "web-crossing-webx-xss(20381)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20381" + }, + { + "name": "15218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15218" + }, + { + "name": "13482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13482" + }, + { + "name": "http://osvdb.org/ref/16/16070-webcrossing.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/16/16070-webcrossing.txt" + }, + { + "name": "16070", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16070" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1856.json b/2005/1xxx/CVE-2005-1856.json index fdcc5d90eed..43c83f5bae4 100644 --- a/2005/1xxx/CVE-2005-1856.json +++ b/2005/1xxx/CVE-2005-1856.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-1856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-787", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-787", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-787" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4369.json b/2005/4xxx/CVE-2005-4369.json index 26e7e0953ed..4cd198f22f1 100644 --- a/2005/4xxx/CVE-2005-4369.json +++ b/2005/4xxx/CVE-2005-4369.json 
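Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2005-1856 changes from `cve@mitre.org` to `security@debian.org` in this hunk, but it sits inside a whole-file rewrite where every other line differs only in indentation and the spacing before `:`, and the commit subject says only "-Synchronized-Data.". Anyone who attributes a record to its assigning CNA by this field would want that change to be visible, so I would land the formatting pass separately from the data update, or at least list the reassigned records in the commit description. The CVE-2009-0586.json hunk has the same pattern, with `ASSIGNER` becoming `secalert@redhat.com`; that hunk continues outside the visible part. The rewritten file also ends with `\ No newline at end of file`, so the generator should emit a trailing newline.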
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html" - }, - { - "name" : "15934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15934" - }, - { - "name" : "ADV-2005-2970", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2970" - }, - { - "name" : "21794", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21794" - }, - { - "name" : "18070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15934" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html" + }, + { + "name": "18070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18070" + }, + { + "name": "ADV-2005-2970", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2970" + }, + { + "name": "21794", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21794" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0204.json b/2009/0xxx/CVE-2009-0204.json index 91a51bf6446..3f5090af608 100644 --- a/2009/0xxx/CVE-2009-0204.json +++ b/2009/0xxx/CVE-2009-0204.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02403", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123324765514459&w=2" - }, - { - "name" : "SSRT090007", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123324765514459&w=2" - }, - { - "name" : "33505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33505" - }, - { - "name" : "ADV-2009-0296", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0296" - }, - { - "name" : "1021641", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021641" - }, - { - "name" : "33713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33713" - }, - { - "name" : "selectaccess-unspecified-xss(48334)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/48334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090007", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123324765514459&w=2" + }, + { + "name": "33713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33713" + }, + { + "name": "ADV-2009-0296", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0296" + }, + { + "name": "33505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33505" + }, + { + "name": "selectaccess-unspecified-xss(48334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48334" + }, + { + "name": "1021641", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021641" + }, + { + "name": "HPSBMA02403", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123324765514459&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0270.json b/2009/0xxx/CVE-2009-0270.json index c66b4735267..064b5a438c1 100644 --- a/2009/0xxx/CVE-2009-0270.json +++ b/2009/0xxx/CVE-2009-0270.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500172/100/0/threaded" - }, - { - "name" : "http://www.wintercore.com/advisories/advisory_W010109.html", - "refsource" : "MISC", - "url" : "http://www.wintercore.com/advisories/advisory_W010109.html" - }, - { - "name" : "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html" - }, - { - "name" : "33342", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/33342" - }, - { - "name" : "ADV-2009-0176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0176" - }, - { - "name" : "51486", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51486" - }, - { - "name" : "33594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51486", + "refsource": "OSVDB", + "url": "http://osvdb.org/51486" + }, + { + "name": "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded" + }, + { + "name": "ADV-2009-0176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0176" + }, + { + "name": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html" + }, + { + "name": "http://www.wintercore.com/advisories/advisory_W010109.html", + "refsource": "MISC", + "url": "http://www.wintercore.com/advisories/advisory_W010109.html" + }, + { + "name": "33342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33342" + }, + { + "name": "33594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33594" + } + ] + } +} \ 
No newline at end of file diff --git a/2009/0xxx/CVE-2009-0586.json b/2009/0xxx/CVE-2009-0586.json index f546bf394bd..ee629782bf1 100644 --- a/2009/0xxx/CVE-2009-0586.json +++ b/2009/0xxx/CVE-2009-0586.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501712/100/0/threaded" - }, - { - "name" : "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/03/12/2" - }, - { - "name" : "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff", - "refsource" : "MISC", - "url" : 
"http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2008-015.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2008-015.html" - }, - { - "name" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9" - }, - { - "name" : "GLSA-200907-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-11.xml" - }, - { - "name" : "MDVSA-2009:085", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:085" - }, - { - "name" : "SUSE-SR:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" - }, - { - "name" : "USN-735-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-735-1" - }, - { - "name" : "34100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34100" - }, - { - "name" : "oval:org.mitre.oval:def:9694", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694" - }, - { - "name" : "34335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34335" - }, - { - "name" : "34350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34350" - }, - { - "name" : "35777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35777" - }, - { - "name" : "gstreamer-gstvorbistagaddcoverart-bo(49274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the 
gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9694", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694" + }, + { + "name": "34335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34335" + }, + { + "name": "35777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35777" + }, + { + "name": "34350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34350" + }, + { + "name": "GLSA-200907-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-11.xml" + }, + { + "name": "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9" + }, + { + "name": "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/03/12/2" + }, + { + "name": "34100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34100" + }, + { + "name": "MDVSA-2009:085", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:085" + }, + { + "name": "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/501712/100/0/threaded" + }, + { + "name": "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff", + "refsource": "MISC", + "url": "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff" + }, + { + "name": "SUSE-SR:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" + }, + { + "name": "USN-735-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-735-1" + }, + { + "name": "gstreamer-gstvorbistagaddcoverart-bo(49274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49274" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2008-015.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2008-015.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0846.json b/2009/0xxx/CVE-2009-0846.json index 74e69b5166b..7236a8e28ec 100644 --- a/2009/0xxx/CVE-2009-0846.json +++ b/2009/0xxx/CVE-2009-0846.json 
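Review bot: The `ASSIGNER` value for CVE-2009-0586 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk. That is a change to the record's content, while the other hunks visible here (CVE-2009-0846, CVE-2009-1446, CVE-2009-1934) keep `cve@mitre.org` and appear only to re-space the JSON and reorder `reference_data`. Tooling that attributes or routes records by assigner will pick up the new value with nothing in the commit subject to explain it, so the commit message should name it, for example `Reassign CVE-2009-0586 to secalert@redhat.com`. The reordering of `reference_data` in the same hunk also makes it hard to confirm by eye that no reference was added or dropped. Emitting the entries in a stable order would keep later syncs reviewable.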
@@ -1,317 +1,317 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502527/100/0/threaded" - }, - { - "name" : "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502546/100/0/threaded" - }, - { - "name" : "20090701 VMSA-2009-0008 ESX Service Console update for krb5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504683/100/0/threaded" 
- }, - { - "name" : "[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000059.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058", - "refsource" : "MISC", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html", - "refsource" : "MISC", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html", - "refsource" : "MISC", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0058", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0058" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0008.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0008.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21396120", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21396120" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "FEDORA-2009-2834", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html" - }, - { - "name" : "FEDORA-2009-2852", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html" - }, - { - "name" : "GLSA-200904-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-09.xml" - }, - { - "name" : "HPSBUX02421", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124896429301168&w=2" - }, - { - "name" : "SSRT090047", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124896429301168&w=2" - }, - { - "name" : "HPSBOV02682", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2" - }, - { - "name" : "SSRT100495", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2" - }, - { - "name" : "MDVSA-2009:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098" - }, - { - "name" : "RHSA-2009:0408", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0408.html" - }, - { - "name" : "RHSA-2009:0409", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0409.html" - }, - { - "name" : "RHSA-2009:0410", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0410.html" - }, - { - "name" : "256728", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1" - }, - { - "name" : "USN-755-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-755-1" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "VU#662091", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/662091" - }, 
- { - "name" : "34409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34409" - }, - { - "name" : "oval:org.mitre.oval:def:10694", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694" - }, - { - "name" : "oval:org.mitre.oval:def:5483", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483" - }, - { - "name" : "oval:org.mitre.oval:def:6301", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301" - }, - { - "name" : "1021994", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021994" - }, - { - "name" : "34640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34640" - }, - { - "name" : "34594", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34594" - }, - { - "name" : "34617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34617" - }, - { - "name" : "34622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34622" - }, - { - "name" : "34630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34630" - }, - { - "name" : "34637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34637" - }, - { - "name" : "34598", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34598" - }, - { - "name" : "34628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34628" - }, - { - "name" : "34734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34734" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "35667", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35667" - }, - { - "name" : "ADV-2009-0960", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/0960" - }, - { - "name" : "ADV-2009-0976", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0976" - }, - { - "name" : "ADV-2009-1106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1106" - }, - { - "name" : "ADV-2009-1057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1057" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ADV-2009-2084", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2084" - }, - { - "name" : "ADV-2009-2248", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090701 VMSA-2009-0008 ESX Service Console update for krb5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504683/100/0/threaded" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html", + "refsource": "MISC", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html" + }, + { + "name": "oval:org.mitre.oval:def:6301", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301" + }, + { + "name": "MDVSA-2009:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098" + }, + { + "name": "VU#662091", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/662091" + }, + { + "name": "20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502527/100/0/threaded" + }, + { + "name": "ADV-2009-0960", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0960" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm" + }, + { + "name": "35667", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35667" + }, + { + "name": "RHSA-2009:0408", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html", + "refsource": "CONFIRM", + "url": 
"http://www.vmware.com/security/advisories/VMSA-2009-0008.html" + }, + { + "name": "34637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34637" + }, + { + "name": "SSRT100495", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2" + }, + { + "name": "ADV-2009-2084", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2084" + }, + { + "name": "oval:org.mitre.oval:def:10694", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694" + }, + { + "name": "34640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34640" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "256728", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1" + }, + { + "name": "GLSA-200904-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-09.xml" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html", + "refsource": "MISC", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html" + }, + { + "name": "ADV-2009-0976", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0976" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "USN-755-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-755-1" + }, + { + "name": "34630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34630" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120" + }, + { + "name": "oval:org.mitre.oval:def:5483", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483" + }, + { + "name": "ADV-2009-1057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1057" + }, + { + "name": "34617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34617" + }, + { + "name": "34628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34628" + }, + { + "name": "34734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34734" + }, + { + "name": "ADV-2009-2248", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2248" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058", + "refsource": "MISC", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058" + }, + { + "name": "34598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34598" + }, + { + "name": "RHSA-2009:0409", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0409.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "34622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34622" + }, + { + "name": "1021994", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021994" + }, + { + "name": "FEDORA-2009-2852", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html" + }, + { + "name": "FEDORA-2009-2834", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html" + }, + { + "name": "RHSA-2009:0410", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0410.html" + }, + { + "name": "[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update 
for krb5", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2009/000059.html" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0058", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058" + }, + { + "name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt" + }, + { + "name": "HPSBOV02682", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2" + }, + { + "name": "34594", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34594" + }, + { + "name": "ADV-2009-1106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1106" + }, + { + "name": "HPSBUX02421", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2" + }, + { + "name": "34409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34409" + }, + { + "name": "SSRT090047", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1446.json b/2009/1xxx/CVE-2009-1446.json index 053e0a40cd3..2c9a6738a3f 100644 --- a/2009/1xxx/CVE-2009-1446.json +++ b/2009/1xxx/CVE-2009-1446.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8514", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8514" - }, - { - "name" : "34679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34679" - }, - { - "name" : "54115", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54115" - }, - { - "name" : "25844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25844" - }, - { - "name" : "ADV-2009-1149", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54115", + "refsource": "OSVDB", + "url": "http://osvdb.org/54115" + }, + { + "name": "8514", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8514" + }, + { + "name": "ADV-2009-1149", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1149" + }, + { + "name": "34679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34679" + }, + { + "name": "25844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25844" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1934.json b/2009/1xxx/CVE-2009-1934.json index e902e1633cc..a23d59bf894 100644 --- a/2009/1xxx/CVE-2009-1934.json +++ b/2009/1xxx/CVE-2009-1934.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm" - }, - { - "name" : "259588", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1" - }, - { - "name" : "35204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35204" - }, - { - "name" : "54872", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/54872" - }, - { - "name" : "1022334", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022334" - }, - { - "name" : "35338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35338" - }, - { - "name" : "ADV-2009-1500", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1500" - }, - { - "name" : "jsws-reverseproxyplugin-xss(50951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "259588", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1" + }, + { + "name": "35338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35338" + }, + { + "name": "35204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35204" + }, + { + "name": "54872", + "refsource": "OSVDB", + "url": "http://osvdb.org/54872" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1" + }, + { + "name": "ADV-2009-1500", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1500" + }, + { + "name": "1022334", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022334" + }, + { + "name": 
"jsws-reverseproxyplugin-xss(50951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1948.json b/2009/1xxx/CVE-2009-1948.json index 8add6ff002c..4e7fa41498f 100644 --- a/2009/1xxx/CVE-2009-1948.json +++ b/2009/1xxx/CVE-2009-1948.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8841", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8841" - }, - { - "name" : "35183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35183" - }, - { - "name" : "35299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35299" - }, - { - "name" : "unb-forum-directory-traversal(50877)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50877" - }, - { - "name" : "unb-forum-file-include(50878)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "unb-forum-directory-traversal(50877)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50877" + }, + { + "name": "unb-forum-file-include(50878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50878" + }, + { + "name": "35183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35183" + }, + { + "name": "35299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35299" + }, + { + "name": "8841", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8841" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4996.json b/2009/4xxx/CVE-2009-4996.json index 45602899484..4c51619b465 100644 --- a/2009/4xxx/CVE-2009-4996.json +++ b/2009/4xxx/CVE-2009-4996.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.xfce.org/show_bug.cgi?id=4805", - "refsource" : "MISC", - "url" : "http://bugzilla.xfce.org/show_bug.cgi?id=4805" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=525395", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=525395" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=587633", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=587633" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=614608", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=614608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.xfce.org/show_bug.cgi?id=4805", + "refsource": "MISC", + "url": "http://bugzilla.xfce.org/show_bug.cgi?id=4805" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=614608", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614608" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=587633", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=587633" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=525395", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525395" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2319.json b/2012/2xxx/CVE-2012-2319.json index 8c11ea4de74..bfee4f30fb1 100644 --- a/2012/2xxx/CVE-2012-2319.json +++ b/2012/2xxx/CVE-2012-2319.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120507 Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/11" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=819471", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=819471" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77" - }, - { - "name" : "RHSA-2012:1323", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1323.html" - }, - { - "name" : "RHSA-2012:1347", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1347.html" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "50811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50811" + }, + { + "name": "[oss-security] 20120507 Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/11" + }, + { + "name": "RHSA-2012:1323", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html" + }, + { + "name": "RHSA-2012:1347", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1347.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=819471", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=819471" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5" + }, + { + "name": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2512.json b/2012/2xxx/CVE-2012-2512.json index bb0d8956545..831dc0b0b7c 100644 --- a/2012/2xxx/CVE-2012-2512.json +++ b/2012/2xxx/CVE-2012-2512.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1687910", - "refsource" : "MISC", - "url" : "https://service.sap.com/sap/support/notes/1687910" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "1027052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027052" - }, - { - "name" : "netweaver-diagtracestream-dos(75454)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netweaver-diagtracestream-dos(75454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75454" + }, + { + "name": "https://service.sap.com/sap/support/notes/1687910", + "refsource": "MISC", + "url": "https://service.sap.com/sap/support/notes/1687910" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities" + }, + { + "name": "1027052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027052" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2890.json b/2012/2xxx/CVE-2012-2890.json index e40253d61e7..6ef6ae40987 100644 --- a/2012/2xxx/CVE-2012-2890.json +++ b/2012/2xxx/CVE-2012-2890.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=143798", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=143798" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=144072", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=144072" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=147402", - "refsource" : "CONFIRM", - "url" : 
"https://code.google.com/p/chromium/issues/detail?id=147402" - }, - { - "name" : "oval:org.mitre.oval:def:15766", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15766" - }, - { - "name" : "google-chrome-cve20122890(78841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=144072", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=144072" + }, + { + "name": "oval:org.mitre.oval:def:15766", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15766" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=147402", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=147402" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=143798", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=143798" + }, + { + "name": "google-chrome-cve20122890(78841)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/78841" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2960.json b/2012/2xxx/CVE-2012-2960.json index b0e2ed7d545..fea1997cb1f 100644 --- a/2012/2xxx/CVE-2012-2960.json +++ b/2012/2xxx/CVE-2012-2960.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02836", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" - }, - { - "name" : "SSRT100864", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" - }, - { - "name" : "VU#960468", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/960468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the import functionality in HP 
ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02836", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" + }, + { + "name": "VU#960468", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/960468" + }, + { + "name": "SSRT100864", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3430.json b/2012/3xxx/CVE-2012-3430.json index d37919eee2f..b665f93404a 100644 --- a/2012/3xxx/CVE-2012-3430.json +++ b/2012/3xxx/CVE-2012-3430.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120726 Re: CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/26/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=820039", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=820039" - }, - { - "name" : "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7" - }, - { - "name" : "RHSA-2012:1323", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1323.html" - }, - { - "name" : "SUSE-SU-2012:1679", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" - }, - { - "name" : "USN-1567-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1567-1" - }, - { - "name" : "USN-1568-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1568-1" - }, - { - "name" : "USN-1572-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1572-1" - }, - { - "name" : "USN-1579-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1579-1" - }, - { - "name" : "USN-1580-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1580-1" - }, - { - "name" : "USN-1575-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1575-1" - }, - { - "name" : "USN-1577-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1577-1" - }, - { - "name" : "USN-1578-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1578-1" - }, - { - "name" : "50633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50633" - }, - { - "name" : "50811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50811" - }, - { - "name" : "50732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1572-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1572-1" + }, + { + "name": "USN-1579-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1579-1" + }, + { + "name": "USN-1578-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1578-1" + }, + { + "name": "50732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50732" + }, + { + "name": "50811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50811" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7" + }, + { + "name": "USN-1567-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1567-1" + }, + { + "name": "RHSA-2012:1323", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=820039", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=820039" + }, + { + "name": "USN-1577-1", + "refsource": "UBUNTU", + 
"url": "http://www.ubuntu.com/usn/USN-1577-1" + }, + { + "name": "SUSE-SU-2012:1679", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" + }, + { + "name": "USN-1568-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1568-1" + }, + { + "name": "USN-1575-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1575-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7" + }, + { + "name": "50633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50633" + }, + { + "name": "USN-1580-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1580-1" + }, + { + "name": "[oss-security] 20120726 Re: CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/26/5" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3548.json b/2012/3xxx/CVE-2012-3548.json index 64f2ce8afa0..9b6946d02cf 100644 --- a/2012/3xxx/CVE-2012-3548.json +++ b/2012/3xxx/CVE-2012-3548.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120829 Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/08/29/4" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=849926", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=849926" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : 
"http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "oval:org.mitre.oval:def:15646", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646" - }, - { - "name" : "1027464", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027464" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15646", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646" + }, + { + "name": "[oss-security] 20120829 Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/08/29/4" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=849926", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849926" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": 
"http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "1027464", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027464" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3859.json b/2012/3xxx/CVE-2012-3859.json index 068293bad8d..d1aa4ce0b45 100644 --- a/2012/3xxx/CVE-2012-3859.json +++ b/2012/3xxx/CVE-2012-3859.json 
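Review bot: `CVE_data_meta.ASSIGNER` for CVE-2012-3548 changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, and the change is easy to miss because every other line only respaces `"key" :` to `"key":` or reorders `reference_data`. Consumers that attribute or filter records by assigner will see a different owner after this sync, while the description and the seven references appear unchanged. The commit description should list the records whose field values changed, or the reformatting should land separately from content changes, so that an edit like this one stands out in review.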
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html", - "refsource" : "MISC", - "url" : "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html", + "refsource": "MISC", + "url": "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4037.json b/2012/4xxx/CVE-2012-4037.json index a7e6bc2a6e3..747c7719bc2 100644 --- a/2012/4xxx/CVE-2012-4037.json +++ b/2012/4xxx/CVE-2012-4037.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120726 Transmission BitTorrent XSS Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html" - }, - { - "name" : "http://www.madirish.net/541", - "refsource" : "MISC", - "url" : "http://www.madirish.net/541" - }, - { - "name" : "https://trac.transmissionbt.com/ticket/4979", - "refsource" : "CONFIRM", - "url" : "https://trac.transmissionbt.com/ticket/4979" - }, - { - "name" : "https://trac.transmissionbt.com/wiki/Changes#version-2.61", - "refsource" : "CONFIRM", - "url" : "https://trac.transmissionbt.com/wiki/Changes#version-2.61" - }, - { - "name" : "USN-1584-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-1584-1" - }, - { - "name" : "54705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54705" - }, - { - "name" : "50027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50027" - }, - { - "name" : "50769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.madirish.net/541", + "refsource": "MISC", + "url": "http://www.madirish.net/541" + }, + { + "name": "50769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50769" + }, + { + "name": "20120726 Transmission BitTorrent XSS Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html" + }, + { + "name": "54705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54705" + }, + { + "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61", + "refsource": "CONFIRM", + "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61" + }, + { + "name": "https://trac.transmissionbt.com/ticket/4979", + "refsource": "CONFIRM", + "url": "https://trac.transmissionbt.com/ticket/4979" + }, + { + "name": "50027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50027" + }, + { + "name": "USN-1584-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1584-1" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/4xxx/CVE-2012-4811.json b/2012/4xxx/CVE-2012-4811.json index 4c587018a44..c050e3fa9d8 100644 --- a/2012/4xxx/CVE-2012-4811.json +++ b/2012/4xxx/CVE-2012-4811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4811", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4811", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6091.json b/2012/6xxx/CVE-2012-6091.json index d890a1d29c3..988f0d710b2 100644 --- a/2012/6xxx/CVE-2012-6091.json +++ b/2012/6xxx/CVE-2012-6091.json 
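Review bot: The rewritten REJECT record for CVE-2012-4811 puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the CVE-2012-6091 hunk that follows keeps `CVE_data_meta` first with `ASSIGNER` before `ID`. The CVE-2015-5415, CVE-2017-2001 and CVE-2017-2041 hunks use the same REJECT layout. Key order carries no meaning in JSON, but two layouts from one sync create avoidable churn for anyone diffing or hashing records to detect real changes. Serialising every record with one fixed key order would fix this. Each file should also end with a newline, since every new side on this page closes with `\ No newline at end of file`.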
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6091", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6091", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5076.json b/2015/5xxx/CVE-2015-5076.json index 5d17432b141..6859132734d 100644 --- a/2015/5xxx/CVE-2015-5076.json +++ b/2015/5xxx/CVE-2015-5076.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. 
X2Engine", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536545/100/0/threaded" - }, - { - "name" : "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/91" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/" - }, - { - "name" : "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html" - }, - { - "name" : "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8", - "refsource" : "CONFIRM", - "url" : "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536545/100/0/threaded" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/" + }, + { + "name": "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8", + "refsource": "CONFIRM", + "url": "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8" + }, + { + "name": "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/91" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5415.json b/2015/5xxx/CVE-2015-5415.json index 1b1ef3d1ab6..e5de3aa0dc2 100644 --- a/2015/5xxx/CVE-2015-5415.json +++ b/2015/5xxx/CVE-2015-5415.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5415", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5415", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2001.json b/2017/2xxx/CVE-2017-2001.json index da3c0120ab9..553510c3319 100644 --- a/2017/2xxx/CVE-2017-2001.json +++ b/2017/2xxx/CVE-2017-2001.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2001", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2001", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2041.json b/2017/2xxx/CVE-2017-2041.json index 664b0ccdc70..105f9e222f8 100644 --- a/2017/2xxx/CVE-2017-2041.json +++ b/2017/2xxx/CVE-2017-2041.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2041", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2041", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2370.json b/2017/2xxx/CVE-2017-2370.json index bb951faeeb9..dc44d4f62c8 100644 --- a/2017/2xxx/CVE-2017-2370.json +++ b/2017/2xxx/CVE-2017-2370.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41163", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41163/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004" - }, - { - "name" : "https://support.apple.com/HT207482", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207482" - }, - { - "name" : "https://support.apple.com/HT207483", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT207483" - }, - { - "name" : "https://support.apple.com/HT207485", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207485" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "95731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95731" - }, - { - "name" : "1037668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004" + }, + { + "name": "41163", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41163/" + }, + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "https://support.apple.com/HT207483", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207483" + }, + { + "name": "95731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95731" + }, + { + "name": "https://support.apple.com/HT207485", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207485" + }, + { + "name": "https://support.apple.com/HT207482", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207482" + }, + { + "name": "1037668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037668" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2500.json b/2017/2xxx/CVE-2017-2500.json index bcf4b1588d3..355ee65e0d9 100644 --- a/2017/2xxx/CVE-2017-2500.json +++ b/2017/2xxx/CVE-2017-2500.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2661.json b/2017/2xxx/CVE-2017-2661.json index 21ddbd1590e..9ea5433fdce 100644 --- a/2017/2xxx/CVE-2017-2661.json +++ b/2017/2xxx/CVE-2017-2661.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-03-20T00:00:00", - "ID" : "CVE-2017-2661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pcs", - "version" : { - "version_data" : [ - { - "version_value" : "0.9.157" - } - ] - } - } - ] - }, - "vendor_name" : "ClusterLabs" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-03-20T00:00:00", + "ID": "CVE-2017-2661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pcs", + "version": { + "version_data": [ + { + "version_value": "0.9.157" + } + ] + } + } + ] + }, + "vendor_name": "ClusterLabs" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1428948", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1428948" - }, - { - "name" : "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f", - "refsource" : "CONFIRM", - "url" : "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site 
scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f", + "refsource": "CONFIRM", + "url": "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428948", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428948" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11447.json b/2018/11xxx/CVE-2018-11447.json index 134eadfed78..932d9493bb8 100644 --- a/2018/11xxx/CVE-2018-11447.json +++ b/2018/11xxx/CVE-2018-11447.json 
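Review bot: `version_value` for pcs under `affects` is `0.9.157`, but the description in the same record says pcs before version 0.9.157 is vulnerable, so the structured field apparently names the fixed release rather than an affected one. Tooling that matches installed versions against `version_value` could flag 0.9.157 and miss the older releases the text describes. This sync only respaces the line, so the mismatch predates it. The value should express the range, for example `"version_value": "before 0.9.157"`, once confirmed with the assigner listed in the record.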
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-06-15T00:00:00", - "ID" : "CVE-2018-11447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SCALANCE M875", - "version" : { - "version_data" : [ - { - "version_value" : "SCALANCE M875 All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121: Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-06-15T00:00:00", + "ID": "CVE-2018-11447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SCALANCE M875", + "version": { + "version_data": [ + { + "version_value": "SCALANCE M875 All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11486.json b/2018/11xxx/CVE-2018-11486.json index fa6660c6105..8ffd44c197c 100644 --- a/2018/11xxx/CVE-2018-11486.json +++ b/2018/11xxx/CVE-2018-11486.json 
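Review bot: The `problemtype` entry kept on the new side of the CVE-2018-11447 hunk, `"value": "CWE-121: Stack-based Buffer Overflow"`, does not match the description in the same record, which describes a Cross-Site Request Forgery against the web interface on port 443/tcp. This commit only normalises whitespace and key spacing, so the mismatch is carried over unchanged. Consumers that triage or filter records by CWE would file this as memory corruption rather than a request-forgery issue. If the Siemens advisory referenced in the record confirms CSRF, the entry should presumably read `"value": "CWE-352: Cross-Site Request Forgery (CSRF)"`.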
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/", - "refsource" : "MISC", - "url" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. 
This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/", + "refsource": "MISC", + "url": "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11544.json b/2018/11xxx/CVE-2018-11544.json index 1c347fc2d9c..7a1e9e0a3fe 100644 --- a/2018/11xxx/CVE-2018-11544.json +++ b/2018/11xxx/CVE-2018-11544.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pastebin.com/ygwczqpP", - "refsource" : "MISC", - "url" : "https://pastebin.com/ygwczqpP" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/ygwczqpP", + "refsource": "MISC", + "url": "https://pastebin.com/ygwczqpP" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14302.json b/2018/14xxx/CVE-2018-14302.json index 6c87c8cd026..cc949d5383c 100644 --- a/2018/14xxx/CVE-2018-14302.json +++ b/2018/14xxx/CVE-2018-14302.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-762", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-762" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-762", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-762" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14648.json b/2018/14xxx/CVE-2018-14648.json index c25d5d9f427..1f3d413a5cd 100644 --- a/2018/14xxx/CVE-2018-14648.json +++ b/2018/14xxx/CVE-2018-14648.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-14648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "389-ds-base:", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "389-ds-base:", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648" - }, - { - "name" : "RHSA-2018:3127", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3127" - }, - { - "name" : 
"RHSA-2018:3507", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html" + }, + { + "name": "RHSA-2018:3507", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3507" + }, + { + "name": "RHSA-2018:3127", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3127" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14860.json b/2018/14xxx/CVE-2018-14860.json index 08a8c9776b7..a2c7198efe7 100644 --- a/2018/14xxx/CVE-2018-14860.json +++ b/2018/14xxx/CVE-2018-14860.json 
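Review bot: The `vectorString` kept on the new side of the CVE-2018-14648 hunk, `"7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`, has the base score prepended, so it is not a well-formed CVSS v3.0 vector and a strict parser would reject it or fail to score the record. I would split it into `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` and a separate `"baseScore": 7.5`. The same `impact` object wraps the entry in a nested array (`"cvss": [ [ { … } ] ]`), which looks unintended and is worth checking against the record schema. `"product_name": "389-ds-base:"` also carries a trailing colon that exact-match product lookups will not normalise.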
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14860",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14860",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15657.json b/2018/15xxx/CVE-2018-15657.json
index ba8d48113bf..3981f127569 100644
--- a/2018/15xxx/CVE-2018-15657.json
+++ b/2018/15xxx/CVE-2018-15657.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx \"url\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46305", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46305/" - }, - { - "name" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/", - "refsource" : "MISC", - "url" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx \"url\" parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46305", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46305/" + }, + { + "name": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/", + "refsource": "MISC", + "url": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15766.json b/2018/15xxx/CVE-2018-15766.json index d0c464053cd..b8dc069c69f 100644 --- a/2018/15xxx/CVE-2018-15766.json +++ b/2018/15xxx/CVE-2018-15766.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-10-09T17:59:00.000Z", - "ID" : "CVE-2018-15766", - "STATE" : "PUBLIC", - "TITLE" : "Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Encryption", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "10.0.1 " - } - ] - } - }, - { - "product_name" : "Endpoint Security Suite Enterprise ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Dell" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the \"Minimum Password Length\" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the \"Encryption Management Agent\" or \"EMAgent\" application. There are no other known values modified." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Password Policy Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-10-09T17:59:00.000Z", + "ID": "CVE-2018-15766", + "STATE": "PUBLIC", + "TITLE": "Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Encryption", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "10.0.1 " + } + ] + } + }, + { + "product_name": "Endpoint Security Suite Enterprise ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en", - "refsource" : "CONFIRM", - "url" : "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "For affected devices, the minimum password length policy should be changed manually to what is desired for the current environment.\n\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprise’s Encryption Management Agent is installed on a Domain Controller or a device that is not joined to a domain, the default minimum password length will need to be changed on the local device.\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprise’s Encryption Management Agent is installed on a device that is joined to a domain, the default minimum password length 
will need to be changed within the enterprise’s Group Policy Management console.\nDefault values for this property is ‘7’ in most configurations.\n\nThis Microsoft KB article outlines how to modify this setting:\nhttps://technet.microsoft.com/en-us/library/dd277399.aspx External Link" - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the \"Minimum Password Length\" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the \"Encryption Management Agent\" or \"EMAgent\" application. There are no other known values modified." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Password Policy Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en", + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "For affected devices, the minimum password length policy should be changed manually to what is desired for the current environment.\n\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprise\u2019s Encryption Management Agent is installed on a Domain Controller or a device that is not joined to a domain, the 
default minimum password length will need to be changed on the local device.\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprise\u2019s Encryption Management Agent is installed on a device that is joined to a domain, the default minimum password length will need to be changed within the enterprise\u2019s Group Policy Management console.\nDefault values for this property is \u20187\u2019 in most configurations.\n\nThis Microsoft KB article outlines how to modify this setting:\nhttps://technet.microsoft.com/en-us/library/dd277399.aspx External Link" + } + ] +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15819.json b/2018/15xxx/CVE-2018-15819.json index 86330b1effb..f71b1caf733 100644 --- a/2018/15xxx/CVE-2018-15819.json +++ b/2018/15xxx/CVE-2018-15819.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15819", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15819", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8038.json b/2018/8xxx/CVE-2018-8038.json index 53c67cc3f82..dd8c767eefc 100644 
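Review bot: In the CVE-2018-15766 hunk the new side keeps trailing whitespace inside two affected-product strings, `"version_value": "10.0.1 "` and `"product_name": "Endpoint Security Suite Enterprise "`. Tools that match product names or compare versions by exact string may miss this record for affected installations; suggest `"version_value": "10.0.1"` and `"product_name": "Endpoint Security Suite Enterprise"`. The `work_around` value also ends its Microsoft KB URL with the words `External Link`, which looks like link text copied from the vendor page and should probably be dropped so the URL can be extracted cleanly. The CVE-2018-15819 hunk on the same line is a whitespace-only change to a RESERVED record and needs no comment.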
--- a/2018/8xxx/CVE-2018-8038.json +++ b/2018/8xxx/CVE-2018-8038.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-07-04T00:00:00", - "ID" : "CVE-2018-8038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache CXF Fediz", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 1.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-04T00:00:00", + "ID": "CVE-2018-8038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache CXF Fediz", + "version": { + "version_data": [ + { + "version_value": "prior to 1.4.4" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[cxf-dev] 20180704 Apache CXF Fediz 1.4.4 is released", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E" - }, - { - "name" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc" - }, - { - "name" : 
"https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d" - }, - { - "name" : "1041220", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[cxf-dev] 20180704 Apache CXF Fediz 1.4.4 is released", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E" + }, + { + "name": "1041220", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041220" + }, + { + "name": "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d", + "refsource": "CONFIRM", + "url": "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d" + }, + { + "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8169.json b/2018/8xxx/CVE-2018-8169.json index eea3ace07b2..d1b773f271b 100644 --- a/2018/8xxx/CVE-2018-8169.json +++ b/2018/8xxx/CVE-2018-8169.json 
@@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka \"HIDParser Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169" - }, - { - "name" : "104356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104356" - }, - { - "name" : "1041093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka \"HIDParser Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows 
Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104356" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169" + }, + { + "name": "1041093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041093" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8699.json b/2018/8xxx/CVE-2018-8699.json index c7682e2391e..d9cd679f39c 100644 --- a/2018/8xxx/CVE-2018-8699.json +++ b/2018/8xxx/CVE-2018-8699.json 
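Review bot: The `ASSIGNER` value in this hunk changes from `"Secure@Microsoft.com"` to `"secure@microsoft.com"`, a data change that is easy to miss inside an otherwise formatting-only re-serialization (colon spacing, indentation, reference order). Anything that groups, filters or joins records on the assigner field should compare it case-insensitively, otherwise the same CNA may show up under two keys depending on which revision of a record was ingested. The new side also ends with `\ No newline at end of file` where the old side had a trailing newline, and the hunks for CVE-2018-8038, CVE-2018-8699 and CVE-2018-8817 do the same. Having the serializer emit a final newline would keep that marker out of every later diff of these files.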
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8817.json b/2018/8xxx/CVE-2018-8817.json index 87d9fbb9250..492c79a1c54 100644 --- a/2018/8xxx/CVE-2018-8817.json +++ b/2018/8xxx/CVE-2018-8817.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wampserver before 3.1.3 has CSRF in add_vhost.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44385", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44385/" - }, - { - "name" : "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722", - "refsource" : "MISC", - "url" : "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wampserver before 3.1.3 has CSRF in add_vhost.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44385", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44385/" + }, + { + "name": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722", + "refsource": "MISC", + "url": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722" + } + ] + } +} \ No newline at end of file