diff --git a/2002/0xxx/CVE-2002-0712.json b/2002/0xxx/CVE-2002-0712.json index 7950d7dd705..dce53a5fae2 100644 --- a/2002/0xxx/CVE-2002-0712.json +++ b/2002/0xxx/CVE-2002-0712.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#720017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/720017" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC" - }, - { - "name" : "easm-multiple-authorization-bypass(11724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724" - }, - { - "name" : "7284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#720017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/720017" + }, + { + "name": "easm-multiple-authorization-bypass(11724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724" + }, + { + "name": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC" + }, + { + "name": "7284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7284" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2035.json b/2002/2xxx/CVE-2002-2035.json index 0d13c383bd2..85d360a0cb3 100644 --- a/2002/2xxx/CVE-2002-2035.json +++ b/2002/2xxx/CVE-2002-2035.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/5CP041P75S.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5CP041P75S.html" - }, - { - "name" : "mylogin2000-sql-injection(9016)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9016.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mylogin2000-sql-injection(9016)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9016.php" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5CP041P75S.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5CP041P75S.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2082.json b/2002/2xxx/CVE-2002-2082.json index e4b715428f4..f17b3176c01 100644 --- a/2002/2xxx/CVE-2002-2082.json +++ b/2002/2xxx/CVE-2002-2082.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html" - }, - { - "name" : "4429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4429" - }, - { - "name" : "ftgate-pop3-user-dos(8751)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8751.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html" + }, + { + "name": "ftgate-pop3-user-dos(8751)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8751.php" + }, + { + "name": "4429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4429" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0029.json b/2005/0xxx/CVE-2005-0029.json index 6742b2045fd..e53ffd331d9 100644 --- a/2005/0xxx/CVE-2005-0029.json +++ b/2005/0xxx/CVE-2005-0029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0167.json b/2005/0xxx/CVE-2005-0167.json index a7a895a075f..c52e81b0741 100644 --- a/2005/0xxx/CVE-2005-0167.json +++ b/2005/0xxx/CVE-2005-0167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0167", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-0167", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0614.json b/2005/0xxx/CVE-2005-0614.json index d90354b26a7..116d0e69cdb 100644 --- a/2005/0xxx/CVE-2005-0614.json +++ b/2005/0xxx/CVE-2005-0614.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050301 phpBB <= 2.0.12 UID Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110970201920206&w=2" - }, - { - "name" : "20050304 phpBB 2.0.12 Session Handling Administrator Authentication Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110999268130739&w=2" - }, - { - "name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=267563", - "refsource" : "CONFIRM", - "url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" - }, - { - "name" : "14413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050301 phpBB <= 2.0.12 UID Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110970201920206&w=2" + }, + { + "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563", + "refsource": "CONFIRM", + "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=267563" + }, + { + "name": "20050304 phpBB 2.0.12 Session Handling Administrator Authentication Bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110999268130739&w=2" + }, + { + "name": "14413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14413" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0853.json b/2005/0xxx/CVE-2005-0853.json index cbf24277f9c..8bf796e5c0c 100644 --- a/2005/0xxx/CVE-2005-0853.json +++ b/2005/0xxx/CVE-2005-0853.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050319 2 vulnerabilities in BetaParticle", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Mar/0360.html" - }, - { - "name" : "7499", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7499" - }, - { - "name" : "12861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12861" - }, - { - "name" : "14668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14668" - }, - { - "name" : "33233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33233" - }, - { - "name" : "betaparticle-web-root-information-disclosure(19779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19779" - }, - { - "name" : "bpblog-blog-info-disclosure(47419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bpblog-blog-info-disclosure(47419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47419" + }, + { + "name": "14668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14668" + }, + { + "name": "20050319 2 vulnerabilities in BetaParticle", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Mar/0360.html" + }, + { + "name": "12861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12861" + }, + { + "name": "betaparticle-web-root-information-disclosure(19779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19779" + }, + { + "name": "7499", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7499" + }, + { + "name": "33233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33233" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0942.json b/2005/0xxx/CVE-2005-0942.json index abb9b1faa03..c3cef29f7db 100644 --- a/2005/0xxx/CVE-2005-0942.json +++ b/2005/0xxx/CVE-2005-0942.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XP Server process (xp_server) in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x before 12.5.3 ESD#1 allows attackers to cause a denial of service (process crash) via malformed data sent to the XP Server TCP port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041222 Sybase ASE 12.5.2 vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html" - }, - { - "name" : "20050321 Details of Sybase ASE bugs withheld", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/393851" - }, - { - "name" : "20050405 Sybase ASE Multiple Security Issues (#NISR05042005)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111272918117194&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/sybase-ase.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/sybase-ase.txt" - }, - { - "name" : "http://www.sybase.com/detail?id=1034520", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1034520" - }, - { - "name" : "http://www.sybase.com/detail?id=1034752", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1034752" - }, - { - "name" : "http://www.sybase.com/detail/1,6904,1033894,00.html", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail/1,6904,1033894,00.html" - }, - { - "name" : "12080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12080" - }, - { - "name" : "13632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13632" - }, - { - "name" : "sybase-adaptive-server(19354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XP Server process (xp_server) in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x before 12.5.3 ESD#1 allows attackers to cause a denial of service (process crash) via malformed data sent to the XP Server TCP port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ngssoftware.com/advisories/sybase-ase.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/sybase-ase.txt" + }, + { + "name": "sybase-adaptive-server(19354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19354" + }, + { + "name": "20050321 Details of Sybase ASE bugs withheld", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/393851" + }, + { + "name": "20050405 Sybase ASE Multiple Security Issues (#NISR05042005)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111272918117194&w=2" + }, + { + "name": "http://www.sybase.com/detail/1,6904,1033894,00.html", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail/1,6904,1033894,00.html" + }, + { + "name": "13632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13632" + }, + { + "name": "http://www.sybase.com/detail?id=1034520", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1034520" + }, + { + "name": "http://www.sybase.com/detail?id=1034752", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1034752" + }, + { + "name": "12080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12080" + }, + { + "name": "20041222 Sybase ASE 12.5.2 vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1128.json b/2005/1xxx/CVE-2005-1128.json index afb7cc79980..93dd8966af5 100644 --- a/2005/1xxx/CVE-2005-1128.json +++ b/2005/1xxx/CVE-2005-1128.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15541", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15541" - }, - { - "name" : "1013703", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013703", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013703" + }, + { + "name": "15541", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15541" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1479.json b/2005/1xxx/CVE-2005-1479.json index ddd5c6c98a7..b4dc1ff4343 100644 --- a/2005/1xxx/CVE-2005-1479.json +++ b/2005/1xxx/CVE-2005-1479.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050430 JGS-Portal 3.0.1 SQL-Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111506870504598&w=2" - }, - { - "name" : "20050516 [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111627681218415&w=2" - }, - { - "name" : "13451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13451" - }, - { - "name" : "1013866", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013866" - }, - { - "name" : "15219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15219" - }, - { - "name" : "jgsportal-sql-injection(20371)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15219" + }, + { + "name": "1013866", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013866" + }, + { + "name": "13451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13451" + }, + { + "name": "jgsportal-sql-injection(20371)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20371" + }, + { + "name": "20050516 [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111627681218415&w=2" + }, + { + "name": "20050430 JGS-Portal 3.0.1 SQL-Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111506870504598&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1726.json b/2005/1xxx/CVE-2005-1726.json index 90651c66842..efed8b942c9 100644 --- a/2005/1xxx/CVE-2005-1726.json +++ b/2005/1xxx/CVE-2005-1726.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by \"launching commands into root sessions.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-06-08", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2005/Jun/msg00000.html" - }, - { - "name" : "13899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13899" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=301742", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=301742" - }, - { - "name" : "ADV-2005-0712", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0712" - }, - { - "name" : "17266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17266" - }, - { - "name" : "1014144", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014144" - }, - { - "name" : "15481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15481" - }, - { - "name" : "apple-coregraphics-gain-privileges(20954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by \"launching commands into root sessions.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-0712", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0712" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=301742", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=301742" + }, + { + "name": "apple-coregraphics-gain-privileges(20954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20954" + }, + { + "name": "17266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17266" + }, + { + "name": "1014144", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014144" + }, + { + "name": "APPLE-SA-2005-06-08", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2005/Jun/msg00000.html" + }, + { + "name": "13899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13899" + }, + { + "name": "15481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15481" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1758.json b/2005/1xxx/CVE-2005-1758.json index d858b14ef2a..2eafd19578f 100644 --- a/2005/1xxx/CVE-2005-1758.json +++ b/2005/1xxx/CVE-2005-1758.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm" - }, - { - "name" : "13926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13926" - }, - { - "name" : "14718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14718" - }, - { - "name" : "ADV-2005-0727", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0727" - }, - { - "name" : "17239", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17239" - }, - { - "name" : "15644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm" + }, + { + "name": "ADV-2005-0727", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0727" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm" + }, + { + "name": "17239", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17239" + }, + { + "name": "15644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15644" + }, + { + "name": "13926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13926" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm" + }, + { + "name": "14718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14718" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1832.json b/2005/1xxx/CVE-2005-1832.json index 602463f7322..f196b2e28e7 100644 --- a/2005/1xxx/CVE-2005-1832.json +++ b/2005/1xxx/CVE-2005-1832.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111757191118050&w=2" - }, - { - "name" : "http://www.mybboard.com/community/showthread.php?tid=2559", - "refsource" : "CONFIRM", - "url" : "http://www.mybboard.com/community/showthread.php?tid=2559" - }, - { - "name" : "15552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111757191118050&w=2" + }, + { + "name": "15552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15552" + }, + { + "name": "http://www.mybboard.com/community/showthread.php?tid=2559", + "refsource": "CONFIRM", + "url": "http://www.mybboard.com/community/showthread.php?tid=2559" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4354.json b/2005/4xxx/CVE-2005-4354.json index f8a3f7b5b65..adc7d7ba71e 100644 --- a/2005/4xxx/CVE-2005-4354.json +++ b/2005/4xxx/CVE-2005-4354.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2005-2966", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2966" - }, - { - "name" : "18076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2966", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2966" + }, + { + "name": "18076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18076" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0059.json b/2009/0xxx/CVE-2009-0059.json index 8ed92d8cdbc..206b7dfac99 100644 --- a/2009/0xxx/CVE-2009-0059.json +++ b/2009/0xxx/CVE-2009-0059.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" - }, - { - "name" : "33608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33608" - }, - { - "name" : "1021679", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021679" - }, - { - "name" : "33749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" + }, + { + "name": "33608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33608" + }, + { + "name": "33749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33749" + }, + { + "name": "1021679", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021679" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0359.json b/2009/0xxx/CVE-2009-0359.json index bb3e97b924b..ea7772947df 100644 --- a/2009/0xxx/CVE-2009-0359.json +++ b/2009/0xxx/CVE-2009-0359.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090213 Cross-site scripting in Samizdat 0.6.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500961/100/0/threaded" - }, - { - "name" : "[debian-testing-security-announce] 20090211 Security update for Debian Testing - 2009-02-12", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/debian-testing-security-announce@lists.debian.org/msg00171.html" - }, - { - "name" : "http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch", - "refsource" : "CONFIRM", - "url" : "http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch" - }, - { - "name" : "http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html", - "refsource" : "CONFIRM", - "url" : "http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html" - }, - { - "name" : "33768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33768" - }, - { - "name" : "52022", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52022", + "refsource": "OSVDB", + "url": "http://osvdb.org/52022" + }, + { + "name": "http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch", + "refsource": "CONFIRM", + "url": "http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch" + }, + { + "name": "[debian-testing-security-announce] 20090211 Security update for Debian Testing - 2009-02-12", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/debian-testing-security-announce@lists.debian.org/msg00171.html" + }, + { + "name": "20090213 Cross-site scripting in Samizdat 0.6.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500961/100/0/threaded" + }, + { + "name": "http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html", + "refsource": "CONFIRM", + "url": "http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html" + }, + { + "name": "33768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33768" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0613.json b/2009/0xxx/CVE-2009-0613.json index d20f5a0cd0b..3f39b24be48 100644 --- a/2009/0xxx/CVE-2009-0613.json +++ b/2009/0xxx/CVE-2009-0613.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt", - "refsource" : "CONFIRM", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt" - }, - { - "name" : "ADV-2009-0369", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0369" - }, - { - "name" : "1021694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021694" - }, - { - "name" : "33867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt", + "refsource": "CONFIRM", + "url": "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt" + }, + { + "name": "33867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33867" + }, + { + "name": "ADV-2009-0369", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0369" + }, + { + "name": "1021694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021694" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0728.json b/2009/0xxx/CVE-2009-0728.json index 0982b9affcb..0f158d5ba56 100644 --- a/2009/0xxx/CVE-2009-0728.json +++ b/2009/0xxx/CVE-2009-0728.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8100", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8100" - }, - { - "name" : "33871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33871" + }, + { + "name": "8100", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8100" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0946.json b/2009/0xxx/CVE-2009-0946.json index e5a6b4e906e..fcbe18fe9c5 100644 --- a/2009/0xxx/CVE-2009-0946.json +++ b/2009/0xxx/CVE-2009-0946.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=491384", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=491384" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "DSA-1784", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1784" - }, - { - "name" : "GLSA-200905-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200905-05.xml" - }, - { - "name" : "MDVSA-2009:243", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243" - }, - { - "name" : "RHSA-2009:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0329.html" - }, - { - "name" : "RHSA-2009:1061", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1061.html" - }, - { - "name" : "RHSA-2009:1062", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1062.html" - }, - { - "name" : "270268", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "USN-767-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-767-1" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34550" - }, - { - "name" : "oval:org.mitre.oval:def:10149", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149" - }, - { - "name" : "34723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34723" - }, - { - "name" : "34913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34913" - }, - { - "name" : "34967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34967" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "35198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35198" - }, - { - "name" : "35200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35200" - }, - { - "name" : "35204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35204" - }, - { - "name" : "35210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35210" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "ADV-2009-1058", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1058" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34967" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "34913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34913" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "34550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34550" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "MDVSA-2009:243", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "USN-767-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-767-1" + }, + { + "name": "270268", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1" + }, + { + "name": "35198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35198" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "RHSA-2009:1062", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "DSA-1784", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1784" + }, + { + "name": "35210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35210" + }, + { + "name": "GLSA-200905-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=491384", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384" + }, + { + "name": "oval:org.mitre.oval:def:10149", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "35200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35200" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + }, + { + "name": "RHSA-2009:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html" + }, + { + "name": "ADV-2009-1058", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1058" + }, + { + "name": "35204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35204" + }, + { + "name": "34723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34723" + }, + { + "name": "RHSA-2009:1061", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1072.json b/2009/1xxx/CVE-2009-1072.json index 7fb1f8c3974..01488d37788 100644 --- a/2009/1xxx/CVE-2009-1072.json +++ b/2009/1xxx/CVE-2009-1072.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?", - "refsource" : "MLIST", - "url" : "http://thread.gmane.org/gmane.linux.kernel/805280" - }, - { - "name" : "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/23/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "DSA-1800", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1800" - }, - { - "name" : "RHSA-2009:1081", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1081.html" - }, - { - "name" : "SUSE-SA:2009:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html" - }, - { - "name" : "SUSE-SA:2009:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" - }, - { - "name" : "SUSE-SA:2009:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" - }, - { - "name" : "USN-793-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-793-1" - }, - { - "name" : "34205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34205" - }, - { - "name" : "oval:org.mitre.oval:def:10314", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314" - }, - { - "name" : "oval:org.mitre.oval:def:8382", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382" - }, - { - "name" : "34422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34422" - }, - { - "name" : "34432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34432" - }, - { - "name" : "34786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34786" - }, - { - "name" : "35121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35121" - }, - { - "name" : "35185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35185" - }, - { - "name" : "35390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35390" - }, - { - "name" : "35394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35394" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "35656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35656" - }, - { - "name" : "35343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35343" - }, - { - "name" : "ADV-2009-0802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0802" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "linux-kernel-capmknod-security-bypass(49356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35390" + }, + { + "name": "34432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34432" + }, + { + "name": "34422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34422" + }, + { + "name": "ADV-2009-0802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0802" + }, + { + "name": "34786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34786" + }, + { + "name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/23/1" + }, + { + "name": "34205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34205" + }, + { + "name": "SUSE-SA:2009:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "35656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35656" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?", + "refsource": "MLIST", + "url": "http://thread.gmane.org/gmane.linux.kernel/805280" + }, + { + "name": "SUSE-SA:2009:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" + }, + { + "name": "35185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35185" + }, + { + "name": "oval:org.mitre.oval:def:10314", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:8382", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382" + }, + { + "name": "SUSE-SA:2009:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" + }, + { + "name": "SUSE-SA:2009:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html" + }, + { + "name": "USN-793-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-793-1" + }, + { + "name": "RHSA-2009:1081", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html" + }, + { + "name": "DSA-1800", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1800" + }, + { + "name": "35343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35343" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9" + }, + { + "name": "linux-kernel-capmknod-security-bypass(49356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911" + }, + { + "name": "35121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35121" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "35394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35394" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1775.json b/2009/1xxx/CVE-2009-1775.json index bb29be8d081..a1c6f824832 100644 --- a/2009/1xxx/CVE-2009-1775.json +++ b/2009/1xxx/CVE-2009-1775.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.insight-tech.org/index.php?p=Ulteo-Open-Virtual-Desktop-v1-0-multiple-XSS", - "refsource" : "MISC", - "url" : "http://www.insight-tech.org/index.php?p=Ulteo-Open-Virtual-Desktop-v1-0-multiple-XSS" - }, - { - "name" : "http://www.ulteo.com/home/en/ovdi/openvirtualdesktop/downloadnow?autolang=en", - "refsource" : "CONFIRM", - "url" : "http://www.ulteo.com/home/en/ovdi/openvirtualdesktop/downloadnow?autolang=en" - }, - { - "name" : "34927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34927" - }, - { - "name" : "34923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.insight-tech.org/index.php?p=Ulteo-Open-Virtual-Desktop-v1-0-multiple-XSS", + "refsource": "MISC", + "url": "http://www.insight-tech.org/index.php?p=Ulteo-Open-Virtual-Desktop-v1-0-multiple-XSS" + }, + { + "name": "http://www.ulteo.com/home/en/ovdi/openvirtualdesktop/downloadnow?autolang=en", + "refsource": "CONFIRM", + "url": "http://www.ulteo.com/home/en/ovdi/openvirtualdesktop/downloadnow?autolang=en" + }, + { + "name": "34923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34923" + }, + { + "name": "34927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34927" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1790.json b/2009/1xxx/CVE-2009-1790.json index 524d83b1a32..11b57cc24c5 100644 --- a/2009/1xxx/CVE-2009-1790.json +++ b/2009/1xxx/CVE-2009-1790.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090512155247", - "refsource" : "CONFIRM", - "url" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090512155247" - }, - { - "name" : "JVN#28521500", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN28521500/index.html" - }, - { - "name" : "JVNDB-2009-000028", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html" - }, - { - "name" : "34999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34999" - }, - { - "name" : "54545", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54545" - }, - { - "name" : "35123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35123" - }, - { - "name" : "rescuetrees-unspecified-xss(50579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35123" + }, + { + "name": "JVN#28521500", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN28521500/index.html" + }, + { + "name": "34999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34999" + }, + { + "name": "54545", + "refsource": "OSVDB", + "url": "http://osvdb.org/54545" + }, + { + "name": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090512155247", + "refsource": "CONFIRM", + "url": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090512155247" + }, + { + "name": "rescuetrees-unspecified-xss(50579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50579" + }, + { + "name": "JVNDB-2009-000028", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1911.json b/2009/1xxx/CVE-2009-1911.json index 713cf2295a9..a3c1d7df55d 100644 --- a/2009/1xxx/CVE-2009-1911.json +++ b/2009/1xxx/CVE-2009-1911.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090510 TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503396/100/0/threaded" - }, - { - "name" : "8649", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8649" - }, - { - "name" : "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653", - "refsource" : "CONFIRM", - "url" : "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653" - }, - { - "name" : "34892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34892" - }, - { - "name" : "35020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35020" - }, - { - "name" : "35060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35060" - }, - { - "name" : "tinywebgallery-init-file-include(50408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35060" + }, + { + "name": "20090510 TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503396/100/0/threaded" + }, + { + "name": "35020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35020" + }, + { + "name": "tinywebgallery-init-file-include(50408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50408" + }, + { + "name": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653", + "refsource": "CONFIRM", + "url": "http://www.tinywebgallery.com/forum/viewtopic.php?t=1653" + }, + { + "name": "34892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34892" + }, + { + "name": "8649", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8649" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4288.json b/2009/4xxx/CVE-2009-4288.json index 18a73a5caa1..1d75e6954f8 100644 --- a/2009/4xxx/CVE-2009-4288.json +++ b/2009/4xxx/CVE-2009-4288.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4288", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4288", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4685.json b/2009/4xxx/CVE-2009-4685.json index 2df83398fd6..31443cd8c27 100644 --- a/2009/4xxx/CVE-2009-4685.json +++ b/2009/4xxx/CVE-2009-4685.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/astrology-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/astrology-xss.txt" - }, - { - "name" : "56083", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56083" - }, - { - "name" : "35933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35933" - }, - { - "name" : "astrology-day-xss(51856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0907-exploits/astrology-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/astrology-xss.txt" + }, + { + "name": "35933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35933" + }, + { + "name": "astrology-day-xss(51856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51856" + }, + { + "name": "56083", + "refsource": "OSVDB", + "url": "http://osvdb.org/56083" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2456.json b/2012/2xxx/CVE-2012-2456.json index bfe4e9614cf..423c11ec1aa 100644 --- a/2012/2xxx/CVE-2012-2456.json +++ b/2012/2xxx/CVE-2012-2456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2456", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-5174. Reason: This candidate is a reservation duplicate of CVE-2011-5174. Notes: All CVE users should reference CVE-2011-5174 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2456", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-5174. Reason: This candidate is a reservation duplicate of CVE-2011-5174. Notes: All CVE users should reference CVE-2011-5174 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2771.json b/2012/2xxx/CVE-2012-2771.json index 36f4948fa15..53aeff4959a 100644 --- a/2012/2xxx/CVE-2012-2771.json +++ b/2012/2xxx/CVE-2012-2771.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://www.ffmpeg.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "https://www.ffmpeg.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3097.json b/2012/3xxx/CVE-2012-3097.json index 2561dc0e680..69b83fd181e 100644 --- a/2012/3xxx/CVE-2012-3097.json +++ b/2012/3xxx/CVE-2012-3097.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3097", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3097", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3129.json b/2012/3xxx/CVE-2012-3129.json index 653fe480e9d..9259f50eb99 100644 --- a/2012/3xxx/CVE-2012-3129.json +++ b/2012/3xxx/CVE-2012-3129.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54513" - }, - { - "name" : "83936", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83936" - }, - { - "name" : "1027274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027274" - }, - { - "name" : "solaris-gnomepdfviewer-cve20123129(77045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-gnomepdfviewer-cve20123129(77045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77045" + }, + { + "name": "1027274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027274" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "54513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54513" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "83936", + "refsource": "OSVDB", + "url": "http://osvdb.org/83936" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3269.json b/2012/3xxx/CVE-2012-3269.json index afa2badf95d..5b94be2bb7b 100644 --- a/2012/3xxx/CVE-2012-3269.json +++ b/2012/3xxx/CVE-2012-3269.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02827", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" - }, - { - "name" : "SSRT100924", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" - }, - { - "name" : "56373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56373" - }, - { - "name" : "1027719", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027719" - }, - { - "name" : "51136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51136" - }, - { - "name" : "hp-performance-unspec-dos(79743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100924", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" + }, + { + "name": "hp-performance-unspec-dos(79743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79743" + }, + { + "name": "56373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56373" + }, + { + "name": "1027719", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027719" + }, + { + "name": "HPSBMU02827", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03555488" + }, + { + "name": "51136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51136" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3729.json b/2012/3xxx/CVE-2012-3729.json index 810606fb6b6..84e666928e7 100644 --- a/2012/3xxx/CVE-2012-3729.json +++ b/2012/3xxx/CVE-2012-3729.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "85627", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85627" - }, - { - "name" : "apple-ios-kernel-cve20123729(78724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "85627", + "refsource": "OSVDB", + "url": "http://osvdb.org/85627" + }, + { + "name": "apple-ios-kernel-cve20123729(78724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78724" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3767.json b/2012/3xxx/CVE-2012-3767.json index 1655475d350..9c8e5d85c00 100644 --- a/2012/3xxx/CVE-2012-3767.json +++ b/2012/3xxx/CVE-2012-3767.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3767", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3767", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6299.json b/2012/6xxx/CVE-2012-6299.json index 01eb8ed218d..17da6daae98 100644 --- a/2012/6xxx/CVE-2012-6299.json +++ b/2012/6xxx/CVE-2012-6299.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B61-3A68-4506-9876-F845F6DD8A93}", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B61-3A68-4506-9876-F845F6DD8A93}" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B61-3A68-4506-9876-F845F6DD8A93}", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B61-3A68-4506-9876-F845F6DD8A93}" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6413.json b/2012/6xxx/CVE-2012-6413.json index 409e00996ee..5414de10605 100644 --- a/2012/6xxx/CVE-2012-6413.json +++ b/2012/6xxx/CVE-2012-6413.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6413", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6413", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6663.json b/2012/6xxx/CVE-2012-6663.json index 0b2d546c2a7..0c697378497 100644 --- a/2012/6xxx/CVE-2012-6663.json +++ b/2012/6xxx/CVE-2012-6663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6663", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6663", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5269.json b/2015/5xxx/CVE-2015-5269.json index e03bcbff5a6..e34b8ae09a6 100644 --- a/2015/5xxx/CVE-2015-5269.json +++ b/2015/5xxx/CVE-2015-5269.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150921 Moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=320293", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=320293" - }, - { - "name" : "1033619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=320293", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=320293" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709" + }, + { + "name": "[oss-security] 20150921 Moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" + }, + { + "name": "1033619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033619" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5611.json b/2015/5xxx/CVE-2015-5611.json index 9f6331c9ade..dc704ebd465 100644 --- a/2015/5xxx/CVE-2015-5611.json +++ b/2015/5xxx/CVE-2015-5611.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient \"Radio security protection,\" as demonstrated on a 2014 Jeep Cherokee Limited FWD." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://media.fcanorthamerica.com/newsrelease.do?id=16827&mid=1", - "refsource" : "MISC", - "url" : "http://media.fcanorthamerica.com/newsrelease.do?id=16827&mid=1" - }, - { - "name" : "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/", - "refsource" : "MISC", - "url" : "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/" - }, - { - "name" : "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf", - "refsource" : "MISC", - "url" : "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf" - }, - { - "name" : "https://twitter.com/0xcharlie/status/623171594349842433", - "refsource" : "MISC", - "url" : "https://twitter.com/0xcharlie/status/623171594349842433" - }, - { - "name" : "https://twitter.com/0xcharlie/status/623195051296993280", - "refsource" : "MISC", - "url" : "https://twitter.com/0xcharlie/status/623195051296993280" - }, - { - "name" : "https://twitter.com/0xcharlie/status/623258479730552832", - "refsource" : "MISC", - "url" : "https://twitter.com/0xcharlie/status/623258479730552832" - }, - { - "name" : "https://www.youtube.com/watch?v=MK0SrxBC1xs&feature=youtu.be", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=MK0SrxBC1xs&feature=youtu.be" - }, - { - "name" : "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf", - "refsource" : "MISC", - "url" : "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01" - }, - { - "name" : "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/", - "refsource" : "CONFIRM", - "url" : "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/" - }, - { - "name" : "75993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient \"Radio security protection,\" as demonstrated on a 2014 Jeep Cherokee Limited FWD." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75993" + }, + { + "name": "https://twitter.com/0xcharlie/status/623171594349842433", + "refsource": "MISC", + "url": "https://twitter.com/0xcharlie/status/623171594349842433" + }, + { + "name": "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/", + "refsource": "MISC", + "url": "http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/" + }, + { + "name": "http://media.fcanorthamerica.com/newsrelease.do?id=16827&mid=1", + "refsource": "MISC", + "url": "http://media.fcanorthamerica.com/newsrelease.do?id=16827&mid=1" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01" + }, + { + "name": "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/", + "refsource": "CONFIRM", + "url": "http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/" + }, + { + "name": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf", + "refsource": "MISC", + "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483033/RCAK-15V461-4967.pdf" + }, + { + "name": "https://twitter.com/0xcharlie/status/623258479730552832", + "refsource": "MISC", + "url": "https://twitter.com/0xcharlie/status/623258479730552832" + }, + { + "name": "https://twitter.com/0xcharlie/status/623195051296993280", + "refsource": "MISC", + "url": "https://twitter.com/0xcharlie/status/623195051296993280" + }, + { + "name": "https://www.youtube.com/watch?v=MK0SrxBC1xs&feature=youtu.be", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=MK0SrxBC1xs&feature=youtu.be" + }, + { + "name": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf", + "refsource": "MISC", + "url": "http://www-odi.nhtsa.dot.gov/acms/cs/jaxrs/download/doc/UCM483036/RCLRPT-15V461-9407.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5920.json b/2015/5xxx/CVE-2015-5920.json index 4f968d9e0d7..8c6c8ed0caf 100644 --- a/2015/5xxx/CVE-2015-5920.json +++ b/2015/5xxx/CVE-2015-5920.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "1033617", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "1033617", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033617" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5958.json b/2015/5xxx/CVE-2015-5958.json index 5d0fc5ae705..6b318399993 100644 --- a/2015/5xxx/CVE-2015-5958.json +++ b/2015/5xxx/CVE-2015-5958.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/132865/phpFileManager-0.9.8-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132865/phpFileManager-0.9.8-Remote-Command-Execution.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132865/phpFileManager-0.9.8-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132865/phpFileManager-0.9.8-Remote-Command-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2010.json b/2017/2xxx/CVE-2017-2010.json index f328159f363..98cc633f20f 100644 --- a/2017/2xxx/CVE-2017-2010.json +++ b/2017/2xxx/CVE-2017-2010.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2010", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2010", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11322.json b/2018/11xxx/CVE-2018-11322.json index c0c09dd0441..924580d1962 100644 --- a/2018/11xxx/CVE-2018-11322.json +++ b/2018/11xxx/CVE-2018-11322.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html", - "refsource" : "MISC", - "url" : "https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html" - }, - { - "name" : "104272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104272" - }, - { - "name" : "1040966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html", + "refsource": "MISC", + "url": "https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html" + }, + { + "name": "104272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104272" + }, + { + "name": "1040966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040966" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11374.json b/2018/11xxx/CVE-2018-11374.json index a2a0dadbc0b..fdc23b8529c 100644 --- a/2018/11xxx/CVE-2018-11374.json +++ b/2018/11xxx/CVE-2018-11374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11985.json b/2018/11xxx/CVE-2018-11985.json index 8f5dac27ba9..24adc7f24a7 100644 --- a/2018/11xxx/CVE-2018-11985.json +++ b/2018/11xxx/CVE-2018-11985.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Configuration Issue in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration Issue in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14392.json b/2018/14xxx/CVE-2018-14392.json index b980859041c..151e4dccec5 100644 --- a/2018/14xxx/CVE-2018-14392.json +++ b/2018/14xxx/CVE-2018-14392.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The New Threads plugin before 1.2 for MyBB has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45057", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45057/" - }, - { - "name" : "https://community.mybb.com/mods.php?action=changelog&pid=1143", - "refsource" : "MISC", - "url" : "https://community.mybb.com/mods.php?action=changelog&pid=1143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The New Threads plugin before 1.2 for MyBB has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45057", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45057/" + }, + { + "name": "https://community.mybb.com/mods.php?action=changelog&pid=1143", + "refsource": "MISC", + "url": "https://community.mybb.com/mods.php?action=changelog&pid=1143" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14573.json b/2018/14xxx/CVE-2018-14573.json index 1aab34cf562..1ae9e64c11b 100644 --- a/2018/14xxx/CVE-2018-14573.json +++ b/2018/14xxx/CVE-2018-14573.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://release-notes.trms.com/txt/448", - "refsource" : "CONFIRM", - "url" : "http://release-notes.trms.com/txt/448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://release-notes.trms.com/txt/448", + "refsource": "CONFIRM", + "url": "http://release-notes.trms.com/txt/448" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14642.json b/2018/14xxx/CVE-2018-14642.json index 9afeb34e18e..4a13223a98f 100644 --- a/2018/14xxx/CVE-2018-14642.json +++ b/2018/14xxx/CVE-2018-14642.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-14642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "undertow", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "undertow", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642" - }, - { - "name" : "RHSA-2019:0362", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0362" - }, - { - "name" : "RHSA-2019:0364", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0364" - }, - { - "name" : "RHSA-2019:0365", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0365" - }, - { - "name" : "RHSA-2019:0380", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642" + }, + { + "name": "RHSA-2019:0364", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0364" + }, + { + "name": "RHSA-2019:0362", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0362" + }, + { + "name": "RHSA-2019:0365", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0365" + }, + { + "name": "RHSA-2019:0380", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0380" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15055.json b/2018/15xxx/CVE-2018-15055.json index cf7f333e6de..3080d7aaf18 100644 --- a/2018/15xxx/CVE-2018-15055.json +++ b/2018/15xxx/CVE-2018-15055.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15055", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15055", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15668.json b/2018/15xxx/CVE-2018-15668.json index 2dfafbb78d3..e8981a16445 100644 --- a/2018/15xxx/CVE-2018-15668.json +++ b/2018/15xxx/CVE-2018-15668.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://versprite.com/advisories/airmail-3-for-mac-2/", - "refsource" : "MISC", - "url" : "https://versprite.com/advisories/airmail-3-for-mac-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://versprite.com/advisories/airmail-3-for-mac-2/", + "refsource": "MISC", + "url": "https://versprite.com/advisories/airmail-3-for-mac-2/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15802.json b/2018/15xxx/CVE-2018-15802.json index b31d6ba7962..7b8c42d6525 100644 --- a/2018/15xxx/CVE-2018-15802.json +++ b/2018/15xxx/CVE-2018-15802.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15802", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15802", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15964.json b/2018/15xxx/CVE-2018-15964.json index 36197cf0cd1..3458ae874c0 100644 --- a/2018/15xxx/CVE-2018-15964.json +++ b/2018/15xxx/CVE-2018-15964.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ColdFusion", - "version" : { - "version_data" : [ - { - "version_value" : "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of a component with a known vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" - }, - { - "name" : "105311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105311" - }, - { - "name" : "1041621", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of a component with a known vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" + }, + { + "name": "1041621", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041621" + }, + { + "name": "105311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105311" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3324.json b/2018/3xxx/CVE-2018-3324.json index d48010fe1c0..2c56f8bdcb1 100644 --- a/2018/3xxx/CVE-2018-3324.json +++ b/2018/3xxx/CVE-2018-3324.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3324", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3324", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8167.json b/2018/8xxx/CVE-2018-8167.json index b9285c76902..593e9290bf5 100644 --- a/2018/8xxx/CVE-2018-8167.json +++ b/2018/8xxx/CVE-2018-8167.json @@ -1,211 +1,211 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8167", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8167" - }, - { - "name" : "104063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104063" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8167", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8167" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8445.json b/2018/8xxx/CVE-2018-8445.json index 7684fbfa6c6..97ea5ba8f33 100644 --- a/2018/8xxx/CVE-2018-8445.json +++ b/2018/8xxx/CVE-2018-8445.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8445", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8445" - }, - { - "name" : "105225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105225" - }, - { - "name" : "1041635", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105225" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8445", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8445" + }, + { + "name": "1041635", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041635" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8933.json b/2018/8xxx/CVE-2018-8933.json index aa97016a386..af027ec8f6f 100644 --- a/2018/8xxx/CVE-2018-8933.json +++ b/2018/8xxx/CVE-2018-8933.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://amdflaws.com/", - "refsource" : "MISC", - "url" : "https://amdflaws.com/" - }, - { - "name" : "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/", - "refsource" : "MISC", - "url" : "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/" - }, - { - "name" : "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research", - "refsource" : "MISC", - "url" : "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research" - }, - { - "name" : "https://safefirmware.com/amdflaws_whitepaper.pdf", - "refsource" : "MISC", - "url" : "https://safefirmware.com/amdflaws_whitepaper.pdf" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us" + }, + { + "name": "https://amdflaws.com/", + "refsource": "MISC", + "url": "https://amdflaws.com/" + }, + { + "name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/", + "refsource": "MISC", + "url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/" + }, + { + "name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research", + "refsource": "MISC", + "url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research" + }, + { + "name": "https://safefirmware.com/amdflaws_whitepaper.pdf", + "refsource": "MISC", + "url": "https://safefirmware.com/amdflaws_whitepaper.pdf" + } + ] + } +} \ No newline at end of file