From 3b73f2b70e55531b9c94cf2f7c8f81ebf3b750d8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:51:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0426.json | 150 +++++++------- 2002/0xxx/CVE-2002-0721.json | 190 +++++++++--------- 2002/0xxx/CVE-2002-0850.json | 160 +++++++-------- 2002/2xxx/CVE-2002-2066.json | 170 ++++++++-------- 2002/2xxx/CVE-2002-2079.json | 140 ++++++------- 2005/0xxx/CVE-2005-0120.json | 120 +++++------ 2005/0xxx/CVE-2005-0494.json | 140 ++++++------- 2005/1xxx/CVE-2005-1073.json | 170 ++++++++-------- 2005/1xxx/CVE-2005-1246.json | 140 ++++++------- 2005/1xxx/CVE-2005-1346.json | 120 +++++------ 2005/1xxx/CVE-2005-1386.json | 120 +++++------ 2005/1xxx/CVE-2005-1721.json | 130 ++++++------ 2005/1xxx/CVE-2005-1814.json | 140 ++++++------- 2009/0xxx/CVE-2009-0416.json | 170 ++++++++-------- 2009/0xxx/CVE-2009-0727.json | 160 +++++++-------- 2009/1xxx/CVE-2009-1035.json | 160 +++++++-------- 2009/1xxx/CVE-2009-1087.json | 150 +++++++------- 2009/1xxx/CVE-2009-1205.json | 34 ++-- 2009/1xxx/CVE-2009-1444.json | 140 ++++++------- 2009/1xxx/CVE-2009-1564.json | 230 ++++++++++----------- 2009/1xxx/CVE-2009-1885.json | 260 ++++++++++++------------ 2009/4xxx/CVE-2009-4343.json | 140 ++++++------- 2009/4xxx/CVE-2009-4749.json | 150 +++++++------- 2009/5xxx/CVE-2009-5060.json | 120 +++++------ 2012/2xxx/CVE-2012-2064.json | 170 ++++++++-------- 2012/2xxx/CVE-2012-2205.json | 140 ++++++------- 2012/2xxx/CVE-2012-2893.json | 210 ++++++++++---------- 2012/3xxx/CVE-2012-3245.json | 34 ++-- 2012/3xxx/CVE-2012-3407.json | 34 ++-- 2012/3xxx/CVE-2012-3432.json | 200 +++++++++---------- 2012/3xxx/CVE-2012-3704.json | 210 ++++++++++---------- 2012/4xxx/CVE-2012-4939.json | 120 +++++------ 2012/4xxx/CVE-2012-4996.json | 170 ++++++++-------- 2012/6xxx/CVE-2012-6152.json | 170 ++++++++-------- 2012/6xxx/CVE-2012-6159.json | 34 ++-- 2012/6xxx/CVE-2012-6459.json | 120 +++++------ 2015/5xxx/CVE-2015-5029.json | 34 ++-- 2015/5xxx/CVE-2015-5445.json | 140 ++++++------- 2015/5xxx/CVE-2015-5497.json | 150 +++++++------- 2017/2xxx/CVE-2017-2084.json | 34 ++-- 2017/2xxx/CVE-2017-2200.json | 34 ++-- 2017/2xxx/CVE-2017-2608.json | 176 ++++++++--------- 2017/2xxx/CVE-2017-2615.json | 352 ++++++++++++++++----------------- 2017/2xxx/CVE-2017-2621.json | 182 ++++++++--------- 2017/2xxx/CVE-2017-2771.json | 34 ++-- 2018/11xxx/CVE-2018-11286.json | 130 ++++++------ 2018/11xxx/CVE-2018-11348.json | 120 +++++------ 2018/11xxx/CVE-2018-11646.json | 160 +++++++-------- 2018/11xxx/CVE-2018-11927.json | 34 ++-- 2018/11xxx/CVE-2018-11945.json | 130 ++++++------ 2018/11xxx/CVE-2018-11957.json | 34 ++-- 2018/14xxx/CVE-2018-14171.json | 34 ++-- 2018/14xxx/CVE-2018-14416.json | 34 ++-- 2018/14xxx/CVE-2018-14659.json | 180 ++++++++--------- 2018/15xxx/CVE-2018-15485.json | 130 ++++++------ 2018/15xxx/CVE-2018-15643.json | 34 ++-- 2018/15xxx/CVE-2018-15752.json | 130 ++++++------ 2018/8xxx/CVE-2018-8013.json | 212 ++++++++++---------- 2018/8xxx/CVE-2018-8083.json | 34 ++-- 2018/8xxx/CVE-2018-8110.json | 146 +++++++------- 2018/8xxx/CVE-2018-8178.json | 342 ++++++++++++++++---------------- 2018/8xxx/CVE-2018-8483.json | 34 ++-- 2018/8xxx/CVE-2018-8688.json | 34 ++-- 63 files changed, 4152 insertions(+), 4152 deletions(-) diff --git a/2002/0xxx/CVE-2002-0426.json b/2002/0xxx/CVE-2002-0426.json index c1c11fd6125..905325dde39 100644 --- a/2002/0xxx/CVE-2002-0426.json +++ b/2002/0xxx/CVE-2002-0426.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020308 Linksys BEFVP41 VPN Server does not follow proper VPN standards", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/260613" - }, - { - "name" : "ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip", - "refsource" : "MISC", - "url" : "ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip" - }, - { - "name" : "linksys-etherfast-weak-encryption(8397)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8397.php" - }, - { - "name" : "4250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip", + "refsource": "MISC", + "url": "ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip" + }, + { + "name": "20020308 Linksys BEFVP41 VPN Server does not follow proper VPN standards", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/260613" + }, + { + "name": "4250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4250" + }, + { + "name": "linksys-etherfast-weak-encryption(8397)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8397.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0721.json b/2002/0xxx/CVE-2002-0721.json index b842110c895..d81a35afa1a 100644 --- a/2002/0xxx/CVE-2002-0721.json +++ b/2002/0xxx/CVE-2002-0721.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102950473002959&w=2" - }, - { - "name" : "20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=102950792606475&w=2" - }, - { - "name" : "20020815 Alert: Microsoft Security Bulletin - MS02-043", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html" - }, - { - "name" : "http://www.ngssoftware.com/advisories/mssql-esppu.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/mssql-esppu.txt" - }, - { - "name" : "MS02-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043" - }, - { - "name" : "VU#399531", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/399531" - }, - { - "name" : "VU#818939", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/818939" - }, - { - "name" : "VU#939675", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/939675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#939675", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/939675" + }, + { + "name": "VU#818939", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/818939" + }, + { + "name": "20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=102950792606475&w=2" + }, + { + "name": "MS02-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043" + }, + { + "name": "http://www.ngssoftware.com/advisories/mssql-esppu.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/mssql-esppu.txt" + }, + { + "name": "VU#399531", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/399531" + }, + { + "name": "20020815 Alert: Microsoft Security Bulletin - MS02-043", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html" + }, + { + "name": "20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102950473002959&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0850.json b/2002/0xxx/CVE-2002-0850.json index 9d53685a1d5..ee11c44360e 100644 --- a/2002/0xxx/CVE-2002-0850.json +++ b/2002/0xxx/CVE-2002-0850.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103133995920090&w=2" - }, - { - "name" : "20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html" - }, - { - "name" : "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt", - "refsource" : "CONFIRM", - "url" : "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt" - }, - { - "name" : "pgp-long-filename-bo(10043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10043" - }, - { - "name" : "5656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5656" + }, + { + "name": "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt", + "refsource": "CONFIRM", + "url": "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt" + }, + { + "name": "20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html" + }, + { + "name": "pgp-long-filename-bo(10043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10043" + }, + { + "name": "20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103133995920090&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2066.json b/2002/2xxx/CVE-2002-2066.json index 7d2a40f34f3..649606a0773 100644 --- a/2002/2xxx/CVE-2002-2066.json +++ b/2002/2xxx/CVE-2002-2066.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251565" - }, - { - "name" : "http://www.seifried.org/security/advisories/kssa-003.html", - "refsource" : "MISC", - "url" : "http://www.seifried.org/security/advisories/kssa-003.html" - }, - { - "name" : "http://www.bcwipe.com/", - "refsource" : "CONFIRM", - "url" : "http://www.bcwipe.com/" - }, - { - "name" : "M-034", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-034.shtml" - }, - { - "name" : "3912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3912" - }, - { - "name" : "ntfs-ads-file-wipe(7953)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7953.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3912" + }, + { + "name": "http://www.seifried.org/security/advisories/kssa-003.html", + "refsource": "MISC", + "url": "http://www.seifried.org/security/advisories/kssa-003.html" + }, + { + "name": "http://www.bcwipe.com/", + "refsource": "CONFIRM", + "url": "http://www.bcwipe.com/" + }, + { + "name": "ntfs-ads-file-wipe(7953)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7953.php" + }, + { + "name": "M-034", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-034.shtml" + }, + { + "name": "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251565" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2079.json b/2002/2xxx/CVE-2002-2079.json index 4ddf11ea0da..39329b06251 100644 --- a/2002/2xxx/CVE-2002-2079.json +++ b/2002/2xxx/CVE-2002-2079.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020423 Denial of Service in Mosix 1.5.x", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0327.html" - }, - { - "name" : "4580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4580" - }, - { - "name" : "mosix-malformed-packet-dos(8927)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8927.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mosix-malformed-packet-dos(8927)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8927.php" + }, + { + "name": "4580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4580" + }, + { + "name": "20020423 Denial of Service in Mosix 1.5.x", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0327.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0120.json b/2005/0xxx/CVE-2005-0120.json index 6deb212eef2..f02699fac13 100644 --- a/2005/0xxx/CVE-2005-0120.json +++ b/2005/0xxx/CVE-2005-0120.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt", - "refsource" : "MISC", - "url" : "http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt", + "refsource": "MISC", + "url": "http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0494.json b/2005/0xxx/CVE-2005-0494.json index bb6978d451b..9e176639ae7 100644 --- a/2005/0xxx/CVE-2005-0494.json +++ b/2005/0xxx/CVE-2005-0494.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050219 Thomson TCW690 POST Password Validation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110886937131507&w=2" - }, - { - "name" : "14353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14353" - }, - { - "name" : "thomson-tcw690-gain-access(19387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "thomson-tcw690-gain-access(19387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19387" + }, + { + "name": "14353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14353" + }, + { + "name": "20050219 Thomson TCW690 POST Password Validation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110886937131507&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1073.json b/2005/1xxx/CVE-2005-1073.json index 712072c005a..cf61c276181 100644 --- a/2005/1xxx/CVE-2005-1073.json +++ b/2005/1xxx/CVE-2005-1073.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050409 Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/395527" - }, - { - "name" : "http://www.digitalparadox.org/advisories/rga.txt", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/advisories/rga.txt" - }, - { - "name" : "13080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13080" - }, - { - "name" : "15428", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15428" - }, - { - "name" : "14906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14906" - }, - { - "name" : "radbids-gold-php-xss(20038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "radbids-gold-php-xss(20038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20038" + }, + { + "name": "http://www.digitalparadox.org/advisories/rga.txt", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/advisories/rga.txt" + }, + { + "name": "20050409 Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/395527" + }, + { + "name": "13080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13080" + }, + { + "name": "14906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14906" + }, + { + "name": "15428", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15428" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1246.json b/2005/1xxx/CVE-2005-1246.json index b26ddcd12ae..70d448840cf 100644 --- a/2005/1xxx/CVE-2005-1246.json +++ b/2005/1xxx/CVE-2005-1246.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050425 [INetCop Security Advisory] Snmppd potentially format string vulnerability.", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0022.html" - }, - { - "name" : "http://x82.inetcop.org/h0me/adv1sor1es/INCSA.2005-0x82-027-SNMPPD.txt", - "refsource" : "MISC", - "url" : "http://x82.inetcop.org/h0me/adv1sor1es/INCSA.2005-0x82-027-SNMPPD.txt" - }, - { - "name" : "15120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050425 [INetCop Security Advisory] Snmppd potentially format string vulnerability.", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0022.html" + }, + { + "name": "15120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15120" + }, + { + "name": "http://x82.inetcop.org/h0me/adv1sor1es/INCSA.2005-0x82-027-SNMPPD.txt", + "refsource": "MISC", + "url": "http://x82.inetcop.org/h0me/adv1sor1es/INCSA.2005-0x82-027-SNMPPD.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1346.json b/2005/1xxx/CVE-2005-1346.json index 86a7514d04f..ad43d997ae9 100644 --- a/2005/1xxx/CVE-2005-1346.json +++ b/2005/1xxx/CVE-2005-1346.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1386.json b/2005/1xxx/CVE-2005-1386.json index 853fd5e4380..533d8880434 100644 --- a/2005/1xxx/CVE-2005-1386.json +++ b/2005/1xxx/CVE-2005-1386.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050429 Multiples Full Path Disclosure in php-nuke 7.6 (and below)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111478982629035&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050429 Multiples Full Path Disclosure in php-nuke 7.6 (and below)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111478982629035&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1721.json b/2005/1xxx/CVE-2005-1721.json index c5544c65b76..55ad31f527b 100644 --- a/2005/1xxx/CVE-2005-1721.json +++ b/2005/1xxx/CVE-2005-1721.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-06-08", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" - }, - { - "name" : "1014138", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-06-08", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" + }, + { + "name": "1014138", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014138" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1814.json b/2005/1xxx/CVE-2005-1814.json index f1e7c4076e1..a89ebe65ce8 100644 --- a/2005/1xxx/CVE-2005-1814.json +++ b/2005/1xxx/CVE-2005-1814.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050528 PicoWebServer Remote Unicode Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111746551802380&w=2" - }, - { - "name" : "13807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13807" - }, - { - "name" : "15541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13807" + }, + { + "name": "15541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15541" + }, + { + "name": "20050528 PicoWebServer Remote Unicode Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111746551802380&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0416.json b/2009/0xxx/CVE-2009-0416.json index 8a07e6f518d..f8a1143178e 100644 --- a/2009/0xxx/CVE-2009-0416.json +++ b/2009/0xxx/CVE-2009-0416.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090203 CVE Request: sblim-sfcb genSslCert.sh temp race", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=874261" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "33583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33583" - }, - { - "name" : "51783", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51783" - }, - { - "name" : "33795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33583" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=2561165&group_id=128809&atid=712784" + }, + { + "name": "51783", + "refsource": "OSVDB", + "url": "http://osvdb.org/51783" + }, + { + "name": "[oss-security] 20090203 CVE Request: sblim-sfcb genSslCert.sh temp race", + "refsource": "MLIST", + "url": "http://sourceforge.net/forum/forum.php?forum_id=874261" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "33795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33795" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0727.json b/2009/0xxx/CVE-2009-0727.json index b4b8ddf4a9f..39415866264 100644 --- a/2009/0xxx/CVE-2009-0727.json +++ b/2009/0xxx/CVE-2009-0727.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090223 [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501183/100/0/threaded" - }, - { - "name" : "8098", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8098" - }, - { - "name" : "http://e-rdc.org/v1/news.php?readmore=126", - "refsource" : "MISC", - "url" : "http://e-rdc.org/v1/news.php?readmore=126" - }, - { - "name" : "33864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33864" - }, - { - "name" : "52256", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://e-rdc.org/v1/news.php?readmore=126", + "refsource": "MISC", + "url": "http://e-rdc.org/v1/news.php?readmore=126" + }, + { + "name": "52256", + "refsource": "OSVDB", + "url": "http://osvdb.org/52256" + }, + { + "name": "20090223 [ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501183/100/0/threaded" + }, + { + "name": "8098", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8098" + }, + { + "name": "33864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33864" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1035.json b/2009/1xxx/CVE-2009-1035.json index b0af6f46b47..033c4eb3397 100644 --- a/2009/1xxx/CVE-2009-1035.json +++ b/2009/1xxx/CVE-2009-1035.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/406316", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/406316" - }, - { - "name" : "34170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34170" - }, - { - "name" : "52782", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52782" - }, - { - "name" : "34376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34376" - }, - { - "name" : "tasklist-css-xss(49319)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52782", + "refsource": "OSVDB", + "url": "http://osvdb.org/52782" + }, + { + "name": "tasklist-css-xss(49319)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49319" + }, + { + "name": "http://drupal.org/node/406316", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/406316" + }, + { + "name": "34376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34376" + }, + { + "name": "34170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34170" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1087.json b/2009/1xxx/CVE-2009-1087.json index 99c2cca515f..bb248ac9397 100644 --- a/2009/1xxx/CVE-2009-1087.json +++ b/2009/1xxx/CVE-2009-1087.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8215", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8215" - }, - { - "name" : "34327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34327" - }, - { - "name" : "ADV-2009-0739", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0739" - }, - { - "name" : "pplive-uri-code-execution(49263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0739", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0739" + }, + { + "name": "pplive-uri-code-execution(49263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49263" + }, + { + "name": "34327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34327" + }, + { + "name": "8215", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8215" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1205.json b/2009/1xxx/CVE-2009-1205.json index a914b741dd8..21d8c6c94cb 100644 --- a/2009/1xxx/CVE-2009-1205.json +++ b/2009/1xxx/CVE-2009-1205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1205", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-4475. Reason: This candidate is a duplicate of CVE-2007-4475. Notes: All CVE users should reference CVE-2007-4475 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-1205", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-4475. Reason: This candidate is a duplicate of CVE-2007-4475. Notes: All CVE users should reference CVE-2007-4475 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1444.json b/2009/1xxx/CVE-2009-1444.json index fd419cb6658..803e4953c97 100644 --- a/2009/1xxx/CVE-2009-1444.json +++ b/2009/1xxx/CVE-2009-1444.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8516", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8516" - }, - { - "name" : "34687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34687" - }, - { - "name" : "54121", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8516", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8516" + }, + { + "name": "54121", + "refsource": "OSVDB", + "url": "http://osvdb.org/54121" + }, + { + "name": "34687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34687" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1564.json b/2009/1xxx/CVE-2009-1564.json index 0a111ddc731..f597adce858 100644 --- a/2009/1xxx/CVE-2009-1564.json +++ b/2009/1xxx/CVE-2009-1564.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-1564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 VMware VMnc Codec Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" - }, - { - "name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" - }, - { - "name" : "http://secunia.com/secunia_research/2009-36/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-36/" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" - }, - { - "name" : "39363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39363" - }, - { - "name" : "63614", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63614" - }, - { - "name" : "1023838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023838" - }, - { - "name" : "36712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36712" - }, - { - "name" : "39206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39206" - }, - { - "name" : "39215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39206" + }, + { + "name": "63614", + "refsource": "OSVDB", + "url": "http://osvdb.org/63614" + }, + { + "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" + }, + { + "name": "36712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36712" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" + }, + { + "name": "20100409 VMware VMnc Codec Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" + }, + { + "name": "39363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39363" + }, + { + "name": "1023838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023838" + }, + { + "name": "39215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39215" + }, + { + "name": "http://secunia.com/secunia_research/2009-36/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-36/" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1885.json b/2009/1xxx/CVE-2009-1885.json index 8e4f95eb8e0..7ab2a92385b 100644 --- a/2009/1xxx/CVE-2009-1885.json +++ b/2009/1xxx/CVE-2009-1885.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in \"simply nested DTD structures,\" as demonstrated by the Codenomicon XML fuzzing framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" - }, - { - "name" : "http://www.codenomicon.com/labs/xml/", - "refsource" : "MISC", - "url" : "http://www.codenomicon.com/labs/xml/" - }, - { - "name" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", - "refsource" : "MISC", - "url" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" - }, - { - "name" : "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch" - }, - { - "name" : "http://svn.apache.org/viewvc?view=rev&revision=781488", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=rev&revision=781488" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=515515", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=515515" - }, - { - "name" : "FEDORA-2009-8305", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html" - }, - { - "name" : "FEDORA-2009-8332", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html" - }, - { - "name" : "FEDORA-2009-8345", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html" - }, - { - "name" : "FEDORA-2009-8350", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html" - }, - { - "name" : "MDVSA-2009:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223" - }, - { - "name" : "35986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35986" - }, - { - "name" : "36201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36201" - }, - { - "name" : "ADV-2009-2196", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2196" - }, - { - "name" : "xerces-c-dtd-dos(52321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in \"simply nested DTD structures,\" as demonstrated by the Codenomicon XML fuzzing framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35986" + }, + { + "name": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", + "refsource": "MISC", + "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" + }, + { + "name": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", + "refsource": "MISC", + "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" + }, + { + "name": "http://www.codenomicon.com/labs/xml/", + "refsource": "MISC", + "url": "http://www.codenomicon.com/labs/xml/" + }, + { + "name": "FEDORA-2009-8345", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html" + }, + { + "name": "36201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36201" + }, + { + "name": "ADV-2009-2196", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2196" + }, + { + "name": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch" + }, + { + "name": "FEDORA-2009-8305", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html" + }, + { + "name": "MDVSA-2009:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223" + }, + { + "name": "xerces-c-dtd-dos(52321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321" + }, + { + "name": "FEDORA-2009-8350", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=rev&revision=781488", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=rev&revision=781488" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=515515", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515515" + }, + { + "name": "FEDORA-2009-8332", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4343.json b/2009/4xxx/CVE-2009-4343.json index 29373599104..bb154b1c458 100644 --- a/2009/4xxx/CVE-2009-4343.json +++ b/2009/4xxx/CVE-2009-4343.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" - }, - { - "name" : "ADV-2009-3550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3550" - }, - { - "name" : "typo3-tcd-xss(54786)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-tcd-xss(54786)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54786" + }, + { + "name": "ADV-2009-3550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3550" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4749.json b/2009/4xxx/CVE-2009-4749.json index 63e6c2590f5..8d299416945 100644 --- a/2009/4xxx/CVE-2009-4749.json +++ b/2009/4xxx/CVE-2009-4749.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9174", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9174" - }, - { - "name" : "http://packetstormsecurity.org/0907-exploits/phplive-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/phplive-sql.txt" - }, - { - "name" : "35718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35718" - }, - { - "name" : "phplive-messagebox-sql-injection(51784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35718" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/phplive-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/phplive-sql.txt" + }, + { + "name": "9174", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9174" + }, + { + "name": "phplive-messagebox-sql-injection(51784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51784" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5060.json b/2009/5xxx/CVE-2009-5060.json index a0a1cf94729..3dfb529c0f3 100644 --- a/2009/5xxx/CVE-2009-5060.json +++ b/2009/5xxx/CVE-2009-5060.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27013341", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27013341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2064.json b/2012/2xxx/CVE-2012-2064.json index 64ee4aff463..f7df278fcb3 100644 --- a/2012/2xxx/CVE-2012-2064.json +++ b/2012/2xxx/CVE-2012-2064.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://drupal.org/node/1482420", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1482420" - }, - { - "name" : "http://drupalcode.org/project/views_lang_switch.git/commit/c27c318", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/views_lang_switch.git/commit/c27c318" - }, - { - "name" : "52497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52497" - }, - { - "name" : "80071", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80071" - }, - { - "name" : "48355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52497" + }, + { + "name": "80071", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80071" + }, + { + "name": "48355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48355" + }, + { + "name": "http://drupal.org/node/1482420", + "refsource": "MISC", + "url": "http://drupal.org/node/1482420" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "http://drupalcode.org/project/views_lang_switch.git/commit/c27c318", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/views_lang_switch.git/commit/c27c318" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2205.json b/2012/2xxx/CVE-2012-2205.json index 432e275f43a..caefdbf31c7 100644 --- a/2012/2xxx/CVE-2012-2205.json +++ b/2012/2xxx/CVE-2012-2205.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21605838", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21605838" - }, - { - "name" : "PM61670", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670" - }, - { - "name" : "rcq-workspace-xss(77094)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM61670", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM61670" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21605838", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21605838" + }, + { + "name": "rcq-workspace-xss(77094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77094" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2893.json b/2012/2xxx/CVE-2012-2893.json index e646abe9c74..a170c784a6f 100644 --- a/2012/2xxx/CVE-2012-2893.json +++ b/2012/2xxx/CVE-2012-2893.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://chromiumcodereview.appspot.com/10919019", - "refsource" : "CONFIRM", - "url" : "https://chromiumcodereview.appspot.com/10919019" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=144799", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=144799" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=154331", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=154331" - }, - { - "name" : "DSA-2555", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2555" - }, - { - "name" : "MDVSA-2012:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" - }, - { - "name" : "openSUSE-SU-2012:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:15714", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15714" - }, - { - "name" : "50838", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50838", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50838" + }, + { + "name": "DSA-2555", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2555" + }, + { + "name": "oval:org.mitre.oval:def:15714", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15714" + }, + { + "name": "https://chromiumcodereview.appspot.com/10919019", + "refsource": "CONFIRM", + "url": "https://chromiumcodereview.appspot.com/10919019" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?view=rev&revision=154331", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?view=rev&revision=154331" + }, + { + "name": "http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=144799", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=144799" + }, + { + "name": "openSUSE-SU-2012:1376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" + }, + { + "name": "MDVSA-2012:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3245.json b/2012/3xxx/CVE-2012-3245.json index 6e9ea2255de..0fb554abd6e 100644 --- a/2012/3xxx/CVE-2012-3245.json +++ b/2012/3xxx/CVE-2012-3245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3407.json b/2012/3xxx/CVE-2012-3407.json index 10830a1802d..92e8f12df57 100644 --- a/2012/3xxx/CVE-2012-3407.json +++ b/2012/3xxx/CVE-2012-3407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3407", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3407", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3432.json b/2012/3xxx/CVE-2012-3432.json index 0a3e63da167..8bc53dfd4b6 100644 --- a/2012/3xxx/CVE-2012-3432.json +++ b/2012/3xxx/CVE-2012-3432.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-devel] 20120727 Xen Security Advisory 10 (CVE-2012-3432) - HVM user\tmode MMIO emul DoS", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html" - }, - { - "name" : "DSA-2531", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2531" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "openSUSE-SU-2012:1172", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2012:1043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html" - }, - { - "name" : "SUSE-SU-2012:1044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html" - }, - { - "name" : "54691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54691" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2531", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2531" + }, + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "[Xen-devel] 20120727 Xen Security Advisory 10 (CVE-2012-3432) - HVM user\tmode MMIO emul DoS", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "SUSE-SU-2012:1044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html" + }, + { + "name": "SUSE-SU-2012:1043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html" + }, + { + "name": "openSUSE-SU-2012:1174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" + }, + { + "name": "54691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54691" + }, + { + "name": "openSUSE-SU-2012:1172", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3704.json b/2012/3xxx/CVE-2012-3704.json index 4394fb26b07..899d84063ca 100644 --- a/2012/3xxx/CVE-2012-3704.json +++ b/2012/3xxx/CVE-2012-3704.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85387", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85387" - }, - { - "name" : "oval:org.mitre.oval:def:17582", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17582" - }, - { - "name" : "apple-itunes-webkit-cve20123704(78559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "apple-itunes-webkit-cve20123704(78559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78559" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "oval:org.mitre.oval:def:17582", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17582" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "85387", + "refsource": "OSVDB", + "url": "http://osvdb.org/85387" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4939.json b/2012/4xxx/CVE-2012-4939.json index 77bb74b42ba..edd18c6913d 100644 --- a/2012/4xxx/CVE-2012-4939.json +++ b/2012/4xxx/CVE-2012-4939.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the \"Search for an IP address\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#203844", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/203844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the \"Search for an IP address\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#203844", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/203844" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4996.json b/2012/4xxx/CVE-2012-4996.json index 7b8c1bee125..4a0abc3a519 100644 --- a/2012/4xxx/CVE-2012-4996.json +++ b/2012/4xxx/CVE-2012-4996.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18553", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18553" - }, - { - "name" : "52283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52283" - }, - { - "name" : "79805", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79805" - }, - { - "name" : "79806", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79806" - }, - { - "name" : "48245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48245" - }, - { - "name" : "rivettracker-multiple-sql-injection(73679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48245" + }, + { + "name": "79806", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79806" + }, + { + "name": "52283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52283" + }, + { + "name": "79805", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79805" + }, + { + "name": "rivettracker-multiple-sql-injection(73679)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73679" + }, + { + "name": "18553", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18553" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6152.json b/2012/6xxx/CVE-2012-6152.json index 33be8e66bb2..eef07f80f0d 100644 --- a/2012/6xxx/CVE-2012-6152.json +++ b/2012/6xxx/CVE-2012-6152.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886", - "refsource" : "CONFIRM", - "url" : "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886" - }, - { - "name" : "http://pidgin.im/news/security/?id=70", - "refsource" : "CONFIRM", - "url" : "http://pidgin.im/news/security/?id=70" - }, - { - "name" : "RHSA-2014:0139", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2014-0139.html" - }, - { - "name" : "openSUSE-SU-2014:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" - }, - { - "name" : "openSUSE-SU-2014:0326", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" - }, - { - "name" : "USN-2100-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2100-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0326", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" + }, + { + "name": "RHSA-2014:0139", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" + }, + { + "name": "http://pidgin.im/news/security/?id=70", + "refsource": "CONFIRM", + "url": "http://pidgin.im/news/security/?id=70" + }, + { + "name": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886", + "refsource": "CONFIRM", + "url": "http://hg.pidgin.im/pidgin/main/rev/b0345c25f886" + }, + { + "name": "openSUSE-SU-2014:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" + }, + { + "name": "USN-2100-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2100-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6159.json b/2012/6xxx/CVE-2012-6159.json index 15e7ab5ea46..1240307ecfb 100644 --- a/2012/6xxx/CVE-2012-6159.json +++ b/2012/6xxx/CVE-2012-6159.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6159", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6159", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6459.json b/2012/6xxx/CVE-2012-6459.json index 02593f4e74d..5bdcf39f333 100644 --- a/2012/6xxx/CVE-2012-6459.json +++ b/2012/6xxx/CVE-2012-6459.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.tizen.org/jira/browse/TIVI-211", - "refsource" : "CONFIRM", - "url" : "https://bugs.tizen.org/jira/browse/TIVI-211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.tizen.org/jira/browse/TIVI-211", + "refsource": "CONFIRM", + "url": "https://bugs.tizen.org/jira/browse/TIVI-211" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5029.json b/2015/5xxx/CVE-2015-5029.json index 147b701f107..a2e70539217 100644 --- a/2015/5xxx/CVE-2015-5029.json +++ b/2015/5xxx/CVE-2015-5029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5445.json b/2015/5xxx/CVE-2015-5445.json index 92562240c4d..f443db3ea58 100644 --- a/2015/5xxx/CVE-2015-5445.json +++ b/2015/5xxx/CVE-2015-5445.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589" - }, - { - "name" : "79392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79392" - }, - { - "name" : "1034605", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034605", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034605" + }, + { + "name": "79392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79392" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5497.json b/2015/5xxx/CVE-2015-5497.json index 1bad0383e6b..d7b7b77c950 100644 --- a/2015/5xxx/CVE-2015-5497.json +++ b/2015/5xxx/CVE-2015-5497.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2492209", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2492209" - }, - { - "name" : "https://www.drupal.org/node/2487542", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2487542" - }, - { - "name" : "https://www.drupal.org/node/2487548", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2487548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2487542", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2487542" + }, + { + "name": "https://www.drupal.org/node/2487548", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2487548" + }, + { + "name": "https://www.drupal.org/node/2492209", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2492209" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2084.json b/2017/2xxx/CVE-2017-2084.json index ef344d49865..32d4ae226ef 100644 --- a/2017/2xxx/CVE-2017-2084.json +++ b/2017/2xxx/CVE-2017-2084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2084", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2084", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2200.json b/2017/2xxx/CVE-2017-2200.json index ab6a69e2c10..d13cd4630e8 100644 --- a/2017/2xxx/CVE-2017-2200.json +++ b/2017/2xxx/CVE-2017-2200.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2200", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2200", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2608.json b/2017/2xxx/CVE-2017-2608.json index a64690a6702..b7a481fc687 100644 --- a/2017/2xxx/CVE-2017-2608.json +++ b/2017/2xxx/CVE-2017-2608.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "jenkins 2.44" - }, - { - "version_value" : "jenkins 2.32.2" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383)." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jenkins", + "version": { + "version_data": [ + { + "version_value": "jenkins 2.44" + }, + { + "version_value": "jenkins 2.32.2" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722", - "refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722" - }, - { - "name" : "https://jenkins.io/security/advisory/2017-02-01/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-02-01/" - }, - { - "name" : "95953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383)." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-02-01/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-02-01/" + }, + { + "name": "95953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95953" + }, + { + "name": "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2615.json b/2017/2xxx/CVE-2017-2615.json index d180dadd1c3..9ff60ad7573 100644 --- a/2017/2xxx/CVE-2017-2615.json +++ b/2017/2xxx/CVE-2017-2615.json @@ -1,178 +1,178 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "display", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "qemu" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "display", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "qemu" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/6" - }, - { - "name" : "[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615" - }, - { - "name" : "https://support.citrix.com/article/CTX220771", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX220771" - }, - { - "name" : "GLSA-201702-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-27" - }, - { - "name" : "GLSA-201702-28", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-28" - }, - { - "name" : "RHSA-2017:0309", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0309.html" - }, - { - "name" : "RHSA-2017:0328", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0328.html" - }, - { - "name" : "RHSA-2017:0329", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0329.html" - }, - { - "name" : "RHSA-2017:0330", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0330.html" - }, - { - "name" : "RHSA-2017:0331", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0331.html" - }, - { - "name" : "RHSA-2017:0332", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0332.html" - }, - { - "name" : "RHSA-2017:0333", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0333.html" - }, - { - "name" : "RHSA-2017:0334", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0334.html" - }, - { - "name" : "RHSA-2017:0344", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0344.html" - }, - { - "name" : "RHSA-2017:0350", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0350.html" - }, - { - "name" : "RHSA-2017:0396", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0396.html" - }, - { - "name" : "RHSA-2017:0454", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0454.html" - }, - { - "name" : "95990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95990" - }, - { - "name" : "1037804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0329", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html" + }, + { + "name": "RHSA-2017:0334", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615" + }, + { + "name": "1037804", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037804" + }, + { + "name": "RHSA-2017:0328", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html" + }, + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "95990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95990" + }, + { + "name": "RHSA-2017:0333", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html" + }, + { + "name": "GLSA-201702-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-27" + }, + { + "name": "[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/6" + }, + { + "name": "RHSA-2017:0454", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html" + }, + { + "name": "[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html" + }, + { + "name": "RHSA-2017:0331", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html" + }, + { + "name": "GLSA-201702-28", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-28" + }, + { + "name": "RHSA-2017:0350", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html" + }, + { + "name": "RHSA-2017:0396", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html" + }, + { + "name": "RHSA-2017:0309", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html" + }, + { + "name": "RHSA-2017:0344", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html" + }, + { + "name": "RHSA-2017:0330", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html" + }, + { + "name": "RHSA-2017:0332", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html" + }, + { + "name": "https://support.citrix.com/article/CTX220771", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX220771" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2621.json b/2017/2xxx/CVE-2017-2621.json index 14b49a80217..949017674a5 100644 --- a/2017/2xxx/CVE-2017-2621.json +++ b/2017/2xxx/CVE-2017-2621.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openstack-heat", - "version" : { - "version_data" : [ - { - "version_value" : "openstack-heat-8.0.0" - }, - { - "version_value" : "openstack-heat-6.1.0" - }, - { - "version_value" : "openstack-heat-7.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-552" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openstack-heat", + "version": { + "version_data": [ + { + "version_value": "openstack-heat-8.0.0" + }, + { + "version_value": "openstack-heat-6.1.0" + }, + { + "version_value": "openstack-heat-7.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621" - }, - { - "name" : "RHSA-2017:1243", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1243" - }, - { - "name" : "RHSA-2017:1464", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1464" - }, - { - "name" : "96280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621" + }, + { + "name": "RHSA-2017:1243", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1243" + }, + { + "name": "RHSA-2017:1464", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1464" + }, + { + "name": "96280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96280" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2771.json b/2017/2xxx/CVE-2017-2771.json index 09ce489ed18..18db6fa78fd 100644 --- a/2017/2xxx/CVE-2017-2771.json +++ b/2017/2xxx/CVE-2017-2771.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2771", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2771", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11286.json b/2018/11xxx/CVE-2018-11286.json index ff88f58149a..f3451573261 100644 --- a/2018/11xxx/CVE-2018-11286.json +++ b/2018/11xxx/CVE-2018-11286.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable \"debug_client\" in multi-thread manner, Use after free issue occurs" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59ba3de38f8ffc5484898703d20b33980d29a41c", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59ba3de38f8ffc5484898703d20b33980d29a41c" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable \"debug_client\" in multi-thread manner, Use after free issue occurs" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59ba3de38f8ffc5484898703d20b33980d29a41c", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59ba3de38f8ffc5484898703d20b33980d29a41c" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11348.json b/2018/11xxx/CVE-2018-11348.json index ca5b095e381..5ae368074a8 100644 --- a/2018/11xxx/CVE-2018-11348.json +++ b/2018/11xxx/CVE-2018-11348.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11646.json b/2018/11xxx/CVE-2018-11646.json index 4412803ae2d..e14a2680fe2 100644 --- a/2018/11xxx/CVE-2018-11646.json +++ b/2018/11xxx/CVE-2018-11646.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44842", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44842/" - }, - { - "name" : "44876", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44876/" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=186164", - "refsource" : "MISC", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=186164" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=795740", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=795740" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44876", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44876/" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=795740", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=795740" + }, + { + "name": "44842", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44842/" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=186164", + "refsource": "MISC", + "url": "https://bugs.webkit.org/show_bug.cgi?id=186164" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11927.json b/2018/11xxx/CVE-2018-11927.json index 71cd22ac1bd..67bfa2aa569 100644 --- a/2018/11xxx/CVE-2018-11927.json +++ b/2018/11xxx/CVE-2018-11927.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11927", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11927", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11945.json b/2018/11xxx/CVE-2018-11945.json index 99a8f7550f1..d7c33947a3c 100644 --- a/2018/11xxx/CVE-2018-11945.json +++ b/2018/11xxx/CVE-2018-11945.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in MMCP" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in MMCP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106845" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11957.json b/2018/11xxx/CVE-2018-11957.json index a9dd7513d96..6eb4ede4397 100644 --- a/2018/11xxx/CVE-2018-11957.json +++ b/2018/11xxx/CVE-2018-11957.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11957", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11957", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14171.json b/2018/14xxx/CVE-2018-14171.json index 5d8b46e5cfa..f88128da3b7 100644 --- a/2018/14xxx/CVE-2018-14171.json +++ b/2018/14xxx/CVE-2018-14171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14416.json b/2018/14xxx/CVE-2018-14416.json index be958c2c551..a6f74e39a64 100644 --- a/2018/14xxx/CVE-2018-14416.json +++ b/2018/14xxx/CVE-2018-14416.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14416", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14416", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14659.json b/2018/14xxx/CVE-2018-14659.json index e87046f0bb1..208f7fcb0f6 100644 --- a/2018/14xxx/CVE-2018-14659.json +++ b/2018/14xxx/CVE-2018-14659.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-14659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glusterfs", - "version" : { - "version_data" : [ - { - "version_value" : "through 3.1.2 and 4.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "The Gluster Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glusterfs", + "version": { + "version_data": [ + { + "version_value": "through 3.1.2 and 4.1.4" + } + ] + } + } + ] + }, + "vendor_name": "The Gluster Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659" - }, - { - "name" : "RHSA-2018:3431", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3431" - }, - { - "name" : "RHSA-2018:3432", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3432" - }, - { - "name" : "RHSA-2018:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3431", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3431" + }, + { + "name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html" + }, + { + "name": "RHSA-2018:3432", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3432" + }, + { + "name": "RHSA-2018:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3470" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15485.json b/2018/15xxx/CVE-2018-15485.json index 6eb99f6792f..fdf9cba81a1 100644 --- a/2018/15xxx/CVE-2018-15485.json +++ b/2018/15xxx/CVE-2018-15485.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" - }, - { - "name" : "https://www.kone.com/en/vulnerability.aspx", - "refsource" : "CONFIRM", - "url" : "https://www.kone.com/en/vulnerability.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kone.com/en/vulnerability.aspx", + "refsource": "CONFIRM", + "url": "https://www.kone.com/en/vulnerability.aspx" + }, + { + "name": "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15643.json b/2018/15xxx/CVE-2018-15643.json index 8eec0aa8df7..7b9e1d74e8b 100644 --- a/2018/15xxx/CVE-2018-15643.json +++ b/2018/15xxx/CVE-2018-15643.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15643", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15643", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15752.json b/2018/15xxx/CVE-2018-15752.json index f2d13f1b507..3b361720bb6 100644 --- a/2018/15xxx/CVE-2018-15752.json +++ b/2018/15xxx/CVE-2018-15752.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authentication information between the application and the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181001 e2 Security GmbH Advisory 2018-01: MensaMax Android app / Unencrypted transmission and usage of hardcoded encryption key", - "refsource" : "BUGTRAQ", - "url" : "https://seclists.org/bugtraq/2018/Oct/3" - }, - { - "name" : "https://advisories.e2security.de/2018/E2SA-2018-01.txt", - "refsource" : "MISC", - "url" : "https://advisories.e2security.de/2018/E2SA-2018-01.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authentication information between the application and the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://advisories.e2security.de/2018/E2SA-2018-01.txt", + "refsource": "MISC", + "url": "https://advisories.e2security.de/2018/E2SA-2018-01.txt" + }, + { + "name": "20181001 e2 Security GmbH Advisory 2018-01: MensaMax Android app / Unencrypted transmission and usage of hardcoded encryption key", + "refsource": "BUGTRAQ", + "url": "https://seclists.org/bugtraq/2018/Oct/3" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8013.json b/2018/8xxx/CVE-2018-8013.json index de612e76fc1..08ffff521ca 100644 --- a/2018/8xxx/CVE-2018-8013.json +++ b/2018/8xxx/CVE-2018-8013.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-05-23T00:00:00", - "ID" : "CVE-2018-8013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Batik", - "version" : { - "version_data" : [ - { - "version_value" : "1.0 - 1.9.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-05-23T00:00:00", + "ID": "CVE-2018-8013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Batik", + "version": { + "version_data": [ + { + "version_value": "1.0 - 1.9.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e" - }, - { - "name" : "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html" - }, - { - "name" : "https://xmlgraphics.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://xmlgraphics.apache.org/security.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-4215", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4215" - }, - { - "name" : "USN-3661-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3661-1/" - }, - { - "name" : "104252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104252" - }, - { - "name" : "1040995", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "104252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104252" + }, + { + "name": "https://xmlgraphics.apache.org/security.html", + "refsource": "CONFIRM", + "url": "https://xmlgraphics.apache.org/security.html" + }, + { + "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html" + }, + { + "name": "DSA-4215", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4215" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "USN-3661-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3661-1/" + }, + { + "name": "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability", + "refsource": "MLIST", + "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f$d01860a0$704921e0$@gmail.com%3e" + }, + { + "name": "1040995", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040995" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8083.json b/2018/8xxx/CVE-2018-8083.json index f970ef22938..b9397bce77e 100644 --- a/2018/8xxx/CVE-2018-8083.json +++ b/2018/8xxx/CVE-2018-8083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8083", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8083", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8110.json b/2018/8xxx/CVE-2018-8110.json index 767c6ddf3ad..9a671c4ecb9 100644 --- a/2018/8xxx/CVE-2018-8110.json +++ b/2018/8xxx/CVE-2018-8110.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8110", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8110" - }, - { - "name" : "104330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104330" - }, - { - "name" : "1041097", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8110", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8110" + }, + { + "name": "104330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104330" + }, + { + "name": "1041097", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041097" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8178.json b/2018/8xxx/CVE-2018-8178.json index ecc27024981..83517a2eec6 100644 --- a/2018/8xxx/CVE-2018-8178.json +++ b/2018/8xxx/CVE-2018-8178.json @@ -1,173 +1,173 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178" - }, - { - "name" : "104076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104076" - }, - { - "name" : "1040844", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104076" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8178" + }, + { + "name": "1040844", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040844" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8483.json b/2018/8xxx/CVE-2018-8483.json index b11c6917dc5..057ff89bcf4 100644 --- a/2018/8xxx/CVE-2018-8483.json +++ b/2018/8xxx/CVE-2018-8483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8688.json b/2018/8xxx/CVE-2018-8688.json index 736df9989bc..b1e3fd91b5b 100644 --- a/2018/8xxx/CVE-2018-8688.json +++ b/2018/8xxx/CVE-2018-8688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file