From 4ad10f9080ae418acc36c21471f225b8d7e78e27 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 03:33:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2005/0xxx/CVE-2005-0130.json | 200 +++++++++++------------
2005/0xxx/CVE-2005-0148.json | 160 +++++++++----------
2005/0xxx/CVE-2005-0356.json | 220 +++++++++++++-------------
2005/0xxx/CVE-2005-0398.json | 220 +++++++++++++-------------
2005/0xxx/CVE-2005-0457.json | 130 +++++++--------
2005/0xxx/CVE-2005-0939.json | 34 ++--
2005/0xxx/CVE-2005-0941.json | 190 +++++++++++-----------
2005/1xxx/CVE-2005-1103.json | 120 +++++++-------
2005/1xxx/CVE-2005-1899.json | 160 +++++++++----------
2005/4xxx/CVE-2005-4174.json | 180 ++++++++++-----------
2009/0xxx/CVE-2009-0866.json | 130 +++++++--------
2009/1xxx/CVE-2009-1241.json | 210 ++++++++++++-------------
2009/1xxx/CVE-2009-1513.json | 280 ++++++++++++++++-----------------
2009/1xxx/CVE-2009-1898.json | 170 ++++++++++----------
2009/3xxx/CVE-2009-3897.json | 230 +++++++++++++--------------
2009/4xxx/CVE-2009-4269.json | 220 +++++++++++++-------------
2009/4xxx/CVE-2009-4309.json | 250 ++++++++++++++---------------
2009/4xxx/CVE-2009-4587.json | 170 ++++++++++----------
2009/4xxx/CVE-2009-4757.json | 130 +++++++--------
2009/4xxx/CVE-2009-4970.json | 140 ++++++++---------
2012/2xxx/CVE-2012-2514.json | 160 +++++++++----------
2012/2xxx/CVE-2012-2682.json | 140 ++++++++---------
2012/2xxx/CVE-2012-2788.json | 210 ++++++++++++-------------
2012/2xxx/CVE-2012-2932.json | 150 +++++++++---------
2012/2xxx/CVE-2012-2974.json | 130 +++++++--------
2012/6xxx/CVE-2012-6151.json | 260 +++++++++++++++---------------
2012/6xxx/CVE-2012-6211.json | 34 ++--
2015/1xxx/CVE-2015-1217.json | 200 +++++++++++------------
2015/1xxx/CVE-2015-1220.json | 180 ++++++++++-----------
2015/1xxx/CVE-2015-1318.json | 170 ++++++++++----------
2015/1xxx/CVE-2015-1382.json | 190 +++++++++++-----------
2015/5xxx/CVE-2015-5996.json | 130 +++++++--------
2018/11xxx/CVE-2018-11009.json | 34 ++--
2018/11xxx/CVE-2018-11094.json | 130 +++++++--------
2018/11xxx/CVE-2018-11125.json | 34 ++--
2018/11xxx/CVE-2018-11375.json | 130 +++++++--------
2018/11xxx/CVE-2018-11636.json | 120 +++++++-------
2018/15xxx/CVE-2018-15002.json | 130 +++++++--------
2018/3xxx/CVE-2018-3170.json | 152 +++++++++---------
2018/3xxx/CVE-2018-3175.json | 142 ++++++++---------
2018/3xxx/CVE-2018-3348.json | 34 ++--
2018/3xxx/CVE-2018-3434.json | 34 ++--
2018/3xxx/CVE-2018-3452.json | 34 ++--
2018/3xxx/CVE-2018-3705.json | 120 +++++++-------
2018/7xxx/CVE-2018-7374.json | 34 ++--
2018/7xxx/CVE-2018-7881.json | 34 ++--
2018/7xxx/CVE-2018-7947.json | 120 +++++++-------
2018/8xxx/CVE-2018-8749.json | 34 ++--
2018/8xxx/CVE-2018-8819.json | 140 ++++++++---------
49 files changed, 3477 insertions(+), 3477 deletions(-)
diff --git a/2005/0xxx/CVE-2005-0130.json b/2005/0xxx/CVE-2005-0130.json
index 7f066165d44..4eb36444290 100644
--- a/2005/0xxx/CVE-2005-0130.json
+++ b/2005/0xxx/CVE-2005-0130.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050119 Multiple vulnerabilities in Konversation", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html" - }, - { - "name" : "20050119 Multiple vulnerabilities in Konversation", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110626383310742&w=2" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20050121-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20050121-1.txt" - }, - { - "name" : "GLSA-200501-34", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml" - }, - { - "name" : "12312", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/12312" - }, - { - "name" : "1012972", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012972" - }, - { - "name" : "13919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13919" - }, - { - "name" : "13989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13989" - }, - { - "name" : "konversation-perlscript-execute-code(19008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13919" + }, + { + "name": "20050119 Multiple vulnerabilities in Konversation", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html" + }, + { + "name": "http://www.kde.org/info/security/advisory-20050121-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20050121-1.txt" + }, + { + "name": "12312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12312" + }, + { + "name": "13989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13989" + }, + { + "name": "konversation-perlscript-execute-code(19008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19008" + }, + { + "name": "GLSA-200501-34", + "refsource": "GENTOO", + "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml" + }, + { + "name": "20050119 Multiple vulnerabilities in Konversation", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110626383310742&w=2" + }, + { + "name": "1012972", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012972" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0148.json b/2005/0xxx/CVE-2005-0148.json index bf822c66772..74a9d1a6b13 100644 --- a/2005/0xxx/CVE-2005-0148.json +++ b/2005/0xxx/CVE-2005-0148.json 
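Review bot: The `reference_data` entries on the new side are in a different order from the old side with no visible sort key (`13919`/SECUNIA is now first and `1012972`/SECTRACK last), so confirming that no reference was added or dropped means comparing the two sets by hand; here both sides appear to hold the same nine entries. A stable order from the serializer, for example sorted by `refsource` then `name`, would keep later syncs reviewable and make a genuinely changed reference stand out. The new file also ends without a newline (`\ No newline at end of file`), and the same applies to the other file sections of this patch.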
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-10.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=263546", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=263546" - }, - { - "name" : "12407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12407" - }, - { - "name" : "oval:org.mitre.oval:def:100048", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100048" - }, - { - "name" : "thunderbird-javascript-handler-launch(19173)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "thunderbird-javascript-handler-launch(19173)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19173" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=263546", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=263546" + }, + { + "name": "12407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12407" + }, + { + "name": "oval:org.mitre.oval:def:100048", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100048" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-10.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-10.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0356.json b/2005/0xxx/CVE-2005-0356.json index fc4b235e4fb..43b862793d4 100644 --- a/2005/0xxx/CVE-2005-0356.json +++ b/2005/0xxx/CVE-2005-0356.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2005-0356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm" - }, - { - "name" : "20050518 Vulnerability in a Variant of the TCP Timestamps Option", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml" - }, - { - "name" : "FreeBSD-SA-05:15", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc" - }, - { - "name" : "SCOSA-2005.64", - "refsource" : "SCO", - "url" : 
"ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt" - }, - { - "name" : "VU#637934", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/637934" - }, - { - "name" : "13676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13676" - }, - { - "name" : "15417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15417/" - }, - { - "name" : "15393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15393" - }, - { - "name" : "18222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18222" - }, - { - "name" : "18662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18662" - }, - { - "name" : "tcp-ip-timestamp-dos(20635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tcp-ip-timestamp-dos(20635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635" + }, + { + "name": "15393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15393" + }, + { + "name": "VU#637934", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/637934" + }, + { + "name": "15417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15417/" + }, + { + "name": "18662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18662" + }, + { + "name": "SCOSA-2005.64", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt" + }, + { + "name": "FreeBSD-SA-05:15", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc" + }, + { + "name": "13676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13676" + }, + { + "name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml" + }, + { + "name": "18222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18222" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0398.json b/2005/0xxx/CVE-2005-0398.json index de1151ac21b..857fb2d3168 100644 --- a/2005/0xxx/CVE-2005-0398.json +++ b/2005/0xxx/CVE-2005-0398.json 
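Review bot: `ASSIGNER` changes from `cve@mitre.org` to `cert@cert.org` in this record, and the CVE-2005-0398 hunk makes the same kind of change to `secalert@redhat.com`, yet the subject line says only "-Synchronized-Data." and the rest of each hunk is colon spacing and reference reordering. Attribution is a field that consumers may filter on or trust, so it should not ride unannounced inside a bulk reformat; a body line such as `Update ASSIGNER for CVE-2005-0356 and CVE-2005-0398` would do, or the two edits could land separately from the whitespace change. Whether the reassignment is intended cannot be told from the patch itself.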
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ipsec-tools-devel] 20050312 potential remote crash in racoon", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000" - }, - { - "name" : "GLSA-200503-33", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200503-33.xml" - }, - { - "name" : "MDKSA-2005:062", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062" - }, - { - "name" : "RHSA-2005:232", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-232.html" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view", - "refsource" : "MISC", - "url" : 
"https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view" - }, - { - "name" : "oval:org.mitre.oval:def:10028", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028" - }, - { - "name" : "ADV-2005-0264", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0264" - }, - { - "name" : "12804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12804" - }, - { - "name" : "1013433", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013433" - }, - { - "name" : "14584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14584" - }, - { - "name" : "racoon-isakmp-header-dos(19707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view" + }, + { + "name": "MDKSA-2005:062", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:062" + }, + { + "name": "GLSA-200503-33", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200503-33.xml" + }, + { + "name": "racoon-isakmp-header-dos(19707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19707" + }, + { + "name": "12804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12804" + }, + { + "name": "ADV-2005-0264", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0264" + }, + { + "name": "[ipsec-tools-devel] 20050312 potential remote crash in racoon", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000" + }, + { + "name": "14584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14584" + }, + { + "name": "RHSA-2005:232", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-232.html" + }, + { + "name": "oval:org.mitre.oval:def:10028", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10028" + }, + { + "name": "1013433", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013433" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0457.json b/2005/0xxx/CVE-2005-0457.json index 3440298be30..b110115c168 100644 --- a/2005/0xxx/CVE-2005-0457.json +++ b/2005/0xxx/CVE-2005-0457.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200502-17", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=81747", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=81747" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=81747", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=81747" + }, + { + "name": "GLSA-200502-17", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0939.json b/2005/0xxx/CVE-2005-0939.json index 93b090a5ae4..10587b1bfa4 100644 --- a/2005/0xxx/CVE-2005-0939.json +++ b/2005/0xxx/CVE-2005-0939.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0939", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0939", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0941.json b/2005/0xxx/CVE-2005-0941.json index 23992c7236b..18af7f21a9e 100644 --- a/2005/0xxx/CVE-2005-0941.json +++ b/2005/0xxx/CVE-2005-0941.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050412 OpenOffice DOC document Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/395516" - }, - { - "name" : "http://www.openoffice.org/issues/show_bug.cgi?id=46388", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/issues/show_bug.cgi?id=46388" - }, - { - "name" : "GLSA-200504-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml" - }, - { - "name" : "RHSA-2005:375", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-375.html" 
- }, - { - "name" : "SUSE-SR:2005:021", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_21_sr.html" - }, - { - "name" : "13092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13092" - }, - { - "name" : "oval:org.mitre.oval:def:9106", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9106" - }, - { - "name" : "17027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:375", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-375.html" + }, + { + "name": "13092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13092" + }, + { + "name": "SUSE-SR:2005:021", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html" + }, + { + "name": "oval:org.mitre.oval:def:9106", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9106" + }, + { + "name": "GLSA-200504-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml" + }, + { + "name": "20050412 OpenOffice DOC document Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/395516" + }, + { + "name": "http://www.openoffice.org/issues/show_bug.cgi?id=46388", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/issues/show_bug.cgi?id=46388" + }, + { + "name": "17027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17027" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1103.json b/2005/1xxx/CVE-2005-1103.json index 73af8d10ccc..bbc244c3859 100644 --- a/2005/1xxx/CVE-2005-1103.json +++ b/2005/1xxx/CVE-2005-1103.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050412 IRM 011: Sygate,Security Agent (Sygate Secure Enterprise) Fail Open", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111335219201828&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050412 IRM 011: Sygate,Security Agent (Sygate Secure Enterprise) Fail Open", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111335219201828&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1899.json b/2005/1xxx/CVE-2005-1899.json index 97ef43ee2e8..5822cfd1e6c 100644 --- a/2005/1xxx/CVE-2005-1899.json +++ b/2005/1xxx/CVE-2005-1899.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050605 Server termination in Raknet 2.33 (before 30 May 2005)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111809312423958&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/rakzero-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/rakzero-adv.txt" - }, - { - "name" : "13862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13862" - }, - { - "name" : "1014111", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014111" - }, - { - "name" : "15597", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15597" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13862" + }, + { + "name": "20050605 Server termination in Raknet 2.33 (before 30 May 2005)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111809312423958&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/rakzero-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/rakzero-adv.txt" + }, + { + "name": "15597", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15597" + }, + { + "name": "1014111", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014111" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4174.json b/2005/4xxx/CVE-2005-4174.json index 3d143e7cd4f..ac6ceb195ff 100644 --- a/2005/4xxx/CVE-2005-4174.json +++ b/2005/4xxx/CVE-2005-4174.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051125 eFiction <= 2.0 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html" - }, - { - "name" : "http://rgod.altervista.org/efiction2_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/efiction2_xpl.html" - }, - { - "name" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555", - "refsource" : "CONFIRM", - "url" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555" - }, - { - "name" : "15568", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/15568" - }, - { - "name" : "1015273", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015273" - }, - { - "name" : "17777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17777" - }, - { - "name" : "206", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555", + "refsource": "CONFIRM", + "url": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555" + }, + { + "name": "15568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15568" + }, + { + "name": "http://rgod.altervista.org/efiction2_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/efiction2_xpl.html" + }, + { + "name": "17777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17777" + }, + { + "name": "1015273", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015273" + }, + { + "name": "206", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/206" + }, + { + "name": "20051125 eFiction <= 2.0 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": 
"http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0866.json b/2009/0xxx/CVE-2009-0866.json index 995ae73b41b..13ba4319010 100644 --- a/2009/0xxx/CVE-2009-0866.json +++ b/2009/0xxx/CVE-2009-0866.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8073", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8073" - }, - { - "name" : "phnews-genbackup-info-disclosure(48801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phnews-genbackup-info-disclosure(48801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48801" + }, + { + "name": "8073", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8073" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1241.json b/2009/1xxx/CVE-2009-1241.json index ec4daca1095..efbc41439c5 100644 --- a/2009/1xxx/CVE-2009-1241.json +++ b/2009/1xxx/CVE-2009-1241.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090402 [TZO-05-2009] Clamav 0.94 and below - Evasion /bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502366/100/0/threaded" - }, - { - "name" : "[oss-security] 20090407 Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/07/6" - }, - { - "name" : "http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html", - "refsource" : "MISC", - "url" : "http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : 
"APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "MDVSA-2009:097", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097" - }, - { - "name" : "SUSE-SR:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" - }, - { - "name" : "34344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34344" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "ADV-2009-0934", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:097", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097" + }, + { + "name": "ADV-2009-0934", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0934" + }, + { + "name": "34344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34344" + }, + { + "name": "20090402 [TZO-05-2009] Clamav 0.94 and below - Evasion /bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502366/100/0/threaded" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html", + "refsource": "MISC", + "url": "http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html" + }, + { + "name": "[oss-security] 20090407 Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/04/07/6" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "SUSE-SR:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1513.json b/2009/1xxx/CVE-2009-1513.json index 76534cd5edd..a41529711c7 100644 --- a/2009/1xxx/CVE-2009-1513.json +++ b/2009/1xxx/CVE-2009-1513.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090429 Re: CVE Request -- libmodplug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/29/5" - }, - { - "name" : "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms;a=commitdiff;h=c4ebb701be6ee9a296a44fdac5a20b7739ff0595", - "refsource" : "CONFIRM", - "url" : "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms;a=commitdiff;h=c4ebb701be6ee9a296a44fdac5a20b7739ff0595" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275" - }, - { - "name" : 
"http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526084", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526084" - }, - { - "name" : "http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4", - "refsource" : "CONFIRM", - "url" : "http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4" - }, - { - "name" : "DSA-1850", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1850" - }, - { - "name" : "GLSA-200907-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-07.xml" - }, - { - "name" : "MDVSA-2009:128", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:128" - }, - { - "name" : "USN-771-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-771-1" - }, - { - "name" : "34747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34747" - }, - { - "name" : "54109", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54109" - }, - { - "name" : "34927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34927" - }, - { - "name" : "35026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35026" - }, - { - "name" : "35736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35736" - }, - { - "name" : "36158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36158" - }, - { - "name" : "ADV-2009-1200", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-771-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-771-1" + }, + { + "name": "35736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35736" + }, + { + "name": "34927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34927" + }, + { + "name": "DSA-1850", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1850" + }, + { + "name": "34747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34747" + }, + { + "name": "http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4", + "refsource": "CONFIRM", + "url": "http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4" + }, + { + "name": "36158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36158" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275" + }, + { + "name": "MDVSA-2009:128", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:128" + }, + { + "name": "54109", + "refsource": "OSVDB", + "url": "http://osvdb.org/54109" + }, + { + "name": "35026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35026" + }, + { + "name": "[oss-security] 20090429 Re: CVE Request -- libmodplug", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2009/04/29/5" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526084", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526084" + }, + { + "name": "GLSA-200907-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-07.xml" + }, + { + "name": "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms;a=commitdiff;h=c4ebb701be6ee9a296a44fdac5a20b7739ff0595", + "refsource": "CONFIRM", + "url": "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms;a=commitdiff;h=c4ebb701be6ee9a296a44fdac5a20b7739ff0595" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=678622&group_id=1275" + }, + { + "name": "ADV-2009-1200", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1200" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1898.json b/2009/1xxx/CVE-2009-1898.json index 6ca4e4bbfd0..2f2b6d504c3 100644 --- a/2009/1xxx/CVE-2009-1898.json +++ b/2009/1xxx/CVE-2009-1898.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" - }, - { - "name" : "PK77010", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010" - }, - { - "name" : "35405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35405" - }, - { - "name" : "35301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35301" - }, - { - "name" : "ADV-2009-1464", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1464" - }, - { - 
"name" : "was-securelogin-info-disclosure(51170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35301" + }, + { + "name": "was-securelogin-info-disclosure(51170)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51170" + }, + { + "name": "35405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35405" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" + }, + { + "name": "PK77010", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010" + }, + { + "name": "ADV-2009-1464", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1464" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3897.json b/2009/3xxx/CVE-2009-3897.json index 6c555a98725..f35e5085728 100644 --- a/2009/3xxx/CVE-2009-3897.json +++ b/2009/3xxx/CVE-2009-3897.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dovecot-news] 20091120 v1.2.8 released", - "refsource" : "MLIST", - "url" : "http://www.dovecot.org/list/dovecot-news/2009-November/000143.html" - }, - { - "name" : "[oss-security] 20091120 CVE request: v1.2.8 released to fix the 0777 base_dir creation issue", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125871729029145&w=2" - }, - { - "name" : "[oss-security] 20091121 CVE Request - Dovecot - 1.2.8", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125881481222441&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: CVE Request - Dovecot - 1.2.8", - 
"refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125900271508796&w=2" - }, - { - "name" : "[oss-security] 20091123 Re: CVE request: v1.2.8 released to fix the 0777 base_dir creation issue", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125900267208712&w=2" - }, - { - "name" : "MDVSA-2009:306", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:306" - }, - { - "name" : "SUSE-SR:2010:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html" - }, - { - "name" : "37084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37084" - }, - { - "name" : "60316", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60316" - }, - { - "name" : "37443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37443" - }, - { - "name" : "ADV-2009-3306", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3306" - }, - { - "name" : "dovecot-basedir-privilege-escalation(54363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37443" + }, + { + "name": "60316", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60316" + }, + { + "name": "[oss-security] 20091121 CVE Request - Dovecot - 1.2.8", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125881481222441&w=2" + }, + { + "name": "[dovecot-news] 20091120 v1.2.8 released", + "refsource": "MLIST", + "url": "http://www.dovecot.org/list/dovecot-news/2009-November/000143.html" + }, + { + "name": "SUSE-SR:2010:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html" + }, + { + "name": "ADV-2009-3306", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3306" + }, + { + "name": "[oss-security] 20091123 Re: CVE request: v1.2.8 released to fix the 0777 base_dir creation issue", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125900267208712&w=2" + }, + { + "name": "[oss-security] 20091120 CVE request: v1.2.8 released to fix the 0777 base_dir creation issue", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125871729029145&w=2" + }, + { + "name": "37084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37084" + }, + { + "name": "MDVSA-2009:306", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:306" + }, + { + "name": "[oss-security] 20091123 Re: CVE Request - Dovecot - 1.2.8", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125900271508796&w=2" + }, + { + "name": "dovecot-basedir-privilege-escalation(54363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54363" + } + ] + } +} \ No newline at end of file 
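Review bot: The only value that changes in this hunk, `"ASSIGNER": "secalert@redhat.com"` (previously `cve@mitre.org`), is buried in a rewrite of every line of the record. The separator style moves from `"key" : ` to `"key": `, the `reference_data` entries appear to be the same twelve in a different order, and the file now ends without a newline. Anyone who diffs or hashes these records to spot a changed assigner or reference URL sees the whole record as modified, so the real change is easy to miss. Keeping `reference_data` in its previous order (or a stable sorted one) and keeping the trailing newline would reduce the hunk to that one line. The CVE-2009-4269 hunk that follows shows the same pattern.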
diff --git a/2009/4xxx/CVE-2009-4269.json b/2009/4xxx/CVE-2009-4269.json index 83faf37718b..e50c601b583 100644 --- a/2009/4xxx/CVE-2009-4269.json +++ b/2009/4xxx/CVE-2009-4269.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[apache-db-general] 20100519 [ANNOUNCE] Apache Derby 10.6.1.0 released", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=apache-db-general&m=127428514905504&w=1" - }, - { - "name" : "http://blogs.sun.com/kah/entry/derby_10_6_1_has", - "refsource" : "MISC", - "url" : "http://blogs.sun.com/kah/entry/derby_10_6_1_has" - }, - { - "name" : "http://marcellmajor.com/derbyhash.html", - "refsource" : "MISC", - "url" : "http://marcellmajor.com/derbyhash.html" - }, - { - "name" : 
"http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269", - "refsource" : "CONFIRM", - "url" : "http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269" - }, - { - "name" : "https://issues.apache.org/jira/browse/DERBY-4483", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/DERBY-4483" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "42637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42637" - }, - { - "name" : "1024977", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024977" - }, - { - "name" : "42970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42970" - }, - { - "name" : "42948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42948" - }, - { - "name" : "ADV-2011-0149", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[apache-db-general] 20100519 [ANNOUNCE] Apache Derby 10.6.1.0 released", + "refsource": "MLIST", + "url": "http://marc.info/?l=apache-db-general&m=127428514905504&w=1" + }, + { + "name": "42948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42948" + }, + { + "name": "https://issues.apache.org/jira/browse/DERBY-4483", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/DERBY-4483" + }, + { + "name": "http://blogs.sun.com/kah/entry/derby_10_6_1_has", + "refsource": "MISC", + "url": "http://blogs.sun.com/kah/entry/derby_10_6_1_has" + }, + { + "name": "ADV-2011-0149", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0149" + }, + { + "name": "42970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42970" + }, + { + "name": "http://marcellmajor.com/derbyhash.html", + "refsource": "MISC", + "url": "http://marcellmajor.com/derbyhash.html" + }, + { + "name": "1024977", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024977" + }, + { + "name": "http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269", + "refsource": "CONFIRM", + "url": "http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269" + }, + { + "name": "42637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42637" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4309.json b/2009/4xxx/CVE-2009-4309.json index 1055b22677d..cc00c36d466 100644 --- a/2009/4xxx/CVE-2009-4309.json 
+++ b/2009/4xxx/CVE-2009-4309.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091208 ZDI-09-089: Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508324/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-09-089/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-09-089/" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/954157.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/954157.mspx" - }, - { - "name" : "954157", - "refsource" : "MSKB", - "url" : 
"http://support.microsoft.com/kb/954157" - }, - { - "name" : "955759", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/955759" - }, - { - "name" : "976138", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/976138" - }, - { - "name" : "37251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37251" - }, - { - "name" : "60855", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60855" - }, - { - "name" : "oval:org.mitre.oval:def:12188", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12188" - }, - { - "name" : "1023302", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023302" - }, - { - "name" : "37592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37592" - }, - { - "name" : "ADV-2009-3440", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3440" - }, - { - "name" : "ms-ie-content-code-execution(54645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645" - }, - { - "name" : "ms-ie-indeo41-bo(54642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "955759", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/955759" + }, + { + "name": "20091208 ZDI-09-089: Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508324/100/0/threaded" + }, + { + "name": "ms-ie-indeo41-bo(54642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54642" + }, + { + "name": "1023302", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023302" + }, + { + "name": "37251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37251" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/954157.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/954157.mspx" + }, + { + "name": "976138", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/976138" + }, + { + "name": "ADV-2009-3440", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3440" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-09-089/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-09-089/" + }, + { + "name": "954157", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/954157" + }, + { + "name": "oval:org.mitre.oval:def:12188", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12188" + }, + { + "name": "60855", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60855" + }, + { + "name": "ms-ie-content-code-execution(54645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645" + }, + { + "name": "37592", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/37592" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4587.json b/2009/4xxx/CVE-2009-4587.json index 602c20f23a9..1b0a4c24eb6 100644 --- a/2009/4xxx/CVE-2009-4587.json +++ b/2009/4xxx/CVE-2009-4587.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091026 Cherokee Web Server 0.5.4 Denial Of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507456/100/0/threaded" - }, - { - "name" : "20091103 Re: Cherokee Web Server 0.5.4 Denial Of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507651/100/0/thread" - }, - { - "name" : "http://xc0re.wordpress.com/2009/10/25/cherokee-web-server-0-5-4-denial-of-service/", - "refsource" : "MISC", - "url" : "http://xc0re.wordpress.com/2009/10/25/cherokee-web-server-0-5-4-denial-of-service/" - }, - { - "name" : "36814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36814" - }, - { - "name" : "1023095", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1023095" - }, - { - "name" : "cherokee-get-dos(53957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1023095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023095" + }, + { + "name": "http://xc0re.wordpress.com/2009/10/25/cherokee-web-server-0-5-4-denial-of-service/", + "refsource": "MISC", + "url": "http://xc0re.wordpress.com/2009/10/25/cherokee-web-server-0-5-4-denial-of-service/" + }, + { + "name": "20091103 Re: Cherokee Web Server 0.5.4 Denial Of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507651/100/0/thread" + }, + { + "name": "36814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36814" + }, + { + "name": "20091026 Cherokee Web Server 0.5.4 Denial Of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507456/100/0/threaded" + }, + { + "name": "cherokee-get-dos(53957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53957" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4757.json b/2009/4xxx/CVE-2009-4757.json index 73a4576366b..6ea83747ccc 100644 --- a/2009/4xxx/CVE-2009-4757.json +++ b/2009/4xxx/CVE-2009-4757.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8601", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8601" - }, - { - "name" : "34806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. 
NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8601", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8601" + }, + { + "name": "34806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34806" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4970.json b/2009/4xxx/CVE-2009-4970.json index 72a07471f10..809fa2ca1f8 100644 --- a/2009/4xxx/CVE-2009-4970.json +++ b/2009/4xxx/CVE-2009-4970.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/" - }, - { - "name" : "36138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36138" - }, - { - "name" : "ADV-2009-2411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36138" + }, + { + "name": "ADV-2009-2411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2411" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2514.json b/2012/2xxx/CVE-2012-2514.json index 5e1f4b7385d..dd3c2dff7d0 100644 --- a/2012/2xxx/CVE-2012-2514.json +++ b/2012/2xxx/CVE-2012-2514.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1687910", - "refsource" : "MISC", - "url" : "https://service.sap.com/sap/support/notes/1687910" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "1027052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027052" - }, - { - "name" : "netweaver-diagieventsource-dos(75456)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netweaver-diagieventsource-dos(75456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75456" + }, + { + "name": "https://service.sap.com/sap/support/notes/1687910", + "refsource": "MISC", + "url": "https://service.sap.com/sap/support/notes/1687910" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities" + }, + { + "name": "1027052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027052" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2682.json b/2012/2xxx/CVE-2012-2682.json index 2afd29184ad..8dc1c8211f8 100644 --- a/2012/2xxx/CVE-2012-2682.json +++ b/2012/2xxx/CVE-2012-2682.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=830254", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=830254" - }, - { - "name" : "RHSA-2014:0858", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0858.html" - }, - { - "name" : "RHSA-2014:0859", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0859.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause 
a denial of service (inaccessible page) via a non-ASCII character in the name of a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0858", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=830254", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=830254" + }, + { + "name": "RHSA-2014:0859", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2788.json b/2012/2xxx/CVE-2012-2788.json index 398d40f0e1e..170808b2134 100644 --- a/2012/2xxx/CVE-2012-2788.json +++ b/2012/2xxx/CVE-2012-2788.json 
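Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk (CVE-2012-2682), while every other changed line here is key spacing, indentation or reference order and the commit subject says only "-Synchronized-Data.". The same kind of assigner change sits in the hunks for CVE-2012-2788, CVE-2012-2974, CVE-2012-6151, CVE-2015-1217, CVE-2015-1220 and CVE-2015-1318. Consumers that attribute a record to its CNA through this field get a provenance change that is hard to pick out of a bulk reformat, so I would land the assigner updates in their own commit or name them in the message, for example `Update ASSIGNER to the owning CNA for CVE-2012-2682 (secalert@redhat.com)`. The reshuffled `reference_data` entries are harmless only if no consumer depends on array order, which this diff cannot show.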
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array read\" when a \"packet is shrunk.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c41ac870470c614185e1752c11f892809022248a", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c41ac870470c614185e1752c11f892809022248a" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.4.changelog" - }, - { - "name" : "MDVSA-2013:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - }, - { - "name" : "51257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array read\" when a \"packet is shrunk.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://libav.org/releases/libav-0.8.4.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.4.changelog" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "MDVSA-2013:079", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c41ac870470c614185e1752c11f892809022248a", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c41ac870470c614185e1752c11f892809022248a" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "51257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51257" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2932.json b/2012/2xxx/CVE-2012-2932.json index 587baac3539..131df48f3eb 100644 --- a/2012/2xxx/CVE-2012-2932.json +++ b/2012/2xxx/CVE-2012-2932.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23093", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23093" - }, - { - "name" : "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html", - "refsource" : "CONFIRM", - "url" : "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" - }, - { - "name" : "54019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54019" - }, - { - "name" : "82962", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82962" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html", + "refsource": "CONFIRM", + "url": "http://www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23093", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23093" + }, + { + "name": "54019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54019" + }, + { + "name": "82962", + "refsource": "OSVDB", + "url": "http://osvdb.org/82962" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2974.json b/2012/2xxx/CVE-2012-2974.json index 1e1b8af9342..b8e072abcfa 100644 --- a/2012/2xxx/CVE-2012-2974.json +++ b/2012/2xxx/CVE-2012-2974.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#377915", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/377915" - }, - { - "name" : "1027285", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, 
(7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027285", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027285" + }, + { + "name": "VU#377915", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/377915" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6151.json b/2012/6xxx/CVE-2012-6151.json index 4f4fa288373..064908e696e 100644 --- a/2012/6xxx/CVE-2012-6151.json +++ b/2012/6xxx/CVE-2012-6151.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131202 NMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/398" - }, - { - "name" : "[oss-security] 20131202 Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/415" - }, - { - "name" : "http://sourceforge.net/p/net-snmp/bugs/2411/", - "refsource" : "MISC", - "url" : "http://sourceforge.net/p/net-snmp/bugs/2411/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1038007", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1038007" - }, - { - "name" : "https://support.apple.com/HT205375", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - }, - { - "name" : "GLSA-201409-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml" - }, - { - "name" : "RHSA-2014:0322", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2014-0322.html" - }, - { - "name" : "USN-2166-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2166-1" - }, - { - "name" : "64048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64048" - }, - { - "name" : "57870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57870" - }, - { - "name" : "55804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55804" - }, - { - "name" : "59974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59974" - }, - { - "name" : "netsnmp-cve20126151-dos(89485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64048" + }, + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + }, + { + "name": "http://sourceforge.net/p/net-snmp/bugs/2411/", + "refsource": "MISC", + "url": "http://sourceforge.net/p/net-snmp/bugs/2411/" + }, + { + "name": "RHSA-2014:0322", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html" + }, + { + "name": "[oss-security] 20131202 Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/415" + }, + { + "name": "[oss-security] 20131202 NMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/398" + }, + { + "name": "USN-2166-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2166-1" + }, + { + "name": "59974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59974" + }, + { + "name": "57870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57870" + }, + { + "name": "GLSA-201409-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml" + }, + { + "name": "netsnmp-cve20126151-dos(89485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89485" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "55804", 
+ "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55804" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1038007", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038007" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6211.json b/2012/6xxx/CVE-2012-6211.json index df02cb62e43..6bb38db29a8 100644 --- a/2012/6xxx/CVE-2012-6211.json +++ b/2012/6xxx/CVE-2012-6211.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6211", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6211", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1217.json b/2015/1xxx/CVE-2015-1217.json index 5b4077e2f22..70cf7b90d10 100644 --- a/2015/1xxx/CVE-2015-1217.json +++ b/2015/1xxx/CVE-2015-1217.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=456192", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=456192" - }, - { - "name" : "https://codereview.chromium.org/910683002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/910683002" - }, - { - "name" : 
"https://codereview.chromium.org/958543002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/958543002" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=189796&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=189796&view=revision" - }, - { - "name" : "GLSA-201503-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-12" - }, - { - "name" : "RHSA-2015:0627", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html" - }, - { - "name" : "USN-2521-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2521-1" - }, - { - "name" : "72901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2521-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2521-1" + }, + { + "name": "72901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72901" + }, + { + "name": "GLSA-201503-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-12" + }, + { + "name": "RHSA-2015:0627", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html" + }, + { + "name": 
"https://src.chromium.org/viewvc/blink?revision=189796&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=189796&view=revision" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=456192", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=456192" + }, + { + "name": "https://codereview.chromium.org/958543002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/958543002" + }, + { + "name": "https://codereview.chromium.org/910683002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/910683002" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1220.json b/2015/1xxx/CVE-2015-1220.json index 623418a2786..d86283e7c1b 100644 --- a/2015/1xxx/CVE-2015-1220.json +++ b/2015/1xxx/CVE-2015-1220.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=437651", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=437651" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=188423&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=188423&view=revision" - }, - { - "name" : "GLSA-201503-12", 
- "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-12" - }, - { - "name" : "RHSA-2015:0627", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html" - }, - { - "name" : "USN-2521-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2521-1" - }, - { - "name" : "72901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2521-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2521-1" + }, + { + "name": "72901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72901" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=188423&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=188423&view=revision" + }, + { + "name": "GLSA-201503-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-12" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=437651", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=437651" + }, + { + "name": "RHSA-2015:0627", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + 
"refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1318.json b/2015/1xxx/CVE-2015-1318.json index 5f7d668e390..9d72801e507 100644 --- a/2015/1xxx/CVE-2015-1318.json +++ b/2015/1xxx/CVE-2015-1318.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36782", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36782/" - }, - { - "name" : "43971", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43971/" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758" - }, - { - "name" : "https://launchpad.net/apport/trunk/2.17.1", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/apport/trunk/2.17.1" - }, - { - "name" : "USN-2569-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2569-1" - }, - { - "name" : "120803", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/120803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.net/apport/trunk/2.17.1", + "refsource": "CONFIRM", + "url": "https://launchpad.net/apport/trunk/2.17.1" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758" + }, + { + "name": "120803", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/120803" + }, + { + "name": "36782", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36782/" + }, + { + "name": "USN-2569-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2569-1" + }, + { + "name": "43971", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43971/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1382.json b/2015/1xxx/CVE-2015-1382.json index 9aa36e49846..11e4433ca0a 100644 --- a/2015/1xxx/CVE-2015-1382.json +++ b/2015/1xxx/CVE-2015-1382.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150126 CVE request for Privoxy", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/26/4" - }, - { - "name" : "[oss-security] 20150127 Re: CVE request for Privoxy", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/27/20" - }, - { - "name" : "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", - "refsource" : "CONFIRM", - "url" : "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup" - }, - { - "name" : "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", - "refsource" : "CONFIRM", - "url" : 
"http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298" - }, - { - "name" : "DSA-3145", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3145" - }, - { - "name" : "openSUSE-SU-2015:0230", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html" - }, - { - "name" : "62775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62775" - }, - { - "name" : "62899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150126 CVE request for Privoxy", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/26/4" + }, + { + "name": "62899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62899" + }, + { + "name": "DSA-3145", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3145" + }, + { + "name": "62775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62775" + }, + { + "name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup", + "refsource": "CONFIRM", + "url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup" + }, + { + "name": "[oss-security] 20150127 Re: CVE request for Privoxy", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/27/20" + }, + { + "name": 
"http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298", + "refsource": "CONFIRM", + "url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298" + }, + { + "name": "openSUSE-SU-2015:0230", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5996.json b/2015/5xxx/CVE-2015-5996.json index 80419044ec8..bfc30ceba9f 100644 --- a/2015/5xxx/CVE-2015-5996.json +++ b/2015/5xxx/CVE-2015-5996.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-5996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45078", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45078/" - }, - { - "name" : "VU#630872", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/630872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45078", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45078/" + }, + { + "name": "VU#630872", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/630872" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11009.json b/2018/11xxx/CVE-2018-11009.json index a4cf9301e71..4d2021591b4 100644 --- a/2018/11xxx/CVE-2018-11009.json +++ b/2018/11xxx/CVE-2018-11009.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11009", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11094.json b/2018/11xxx/CVE-2018-11094.json index d54c79b3ac1..7d044074967 100644 --- a/2018/11xxx/CVE-2018-11094.json +++ b/2018/11xxx/CVE-2018-11094.json 
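Review bot: The `affects` block on the new side of CVE-2015-5996.json still holds only placeholders (`"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"`), although the description names the vendor, the device and the firmware version, so a consumer that matches on the structured fields finds nothing for this record. This sync already changes the assigner to `cert@cert.org`, so it would be a natural point to fill the fields from the description: `"vendor_name": "Mediabridge"`, `"product_name": "Medialink MWN-WAPR300N"`, `"version_value": "5.07.50"`. The same placeholders remain in the CVE-2015-1318, CVE-2015-1382, CVE-2018-11094, CVE-2018-11375, CVE-2018-11636 and CVE-2018-15002 hunks. Until they are populated, inventory and scanner tooling has to fall back to parsing the free-text description for these IDs.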
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44637", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44637/" - }, - { - "name" : "https://blog.kos-lab.com/Hello-World/", - "refsource" : "MISC", - "url" : "https://blog.kos-lab.com/Hello-World/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. 
For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.kos-lab.com/Hello-World/", + "refsource": "MISC", + "url": "https://blog.kos-lab.com/Hello-World/" + }, + { + "name": "44637", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44637/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11125.json b/2018/11xxx/CVE-2018-11125.json index d311f537798..c31cd693711 100644 --- a/2018/11xxx/CVE-2018-11125.json +++ b/2018/11xxx/CVE-2018-11125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11125", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-11125", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11375.json b/2018/11xxx/CVE-2018-11375.json index 13450895711..2f1da07fe22 100644 --- a/2018/11xxx/CVE-2018-11375.json +++ b/2018/11xxx/CVE-2018-11375.json 
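Review bot: The new side of CVE-2018-11125.json is serialized in a different key order from every other record in this chunk: it opens with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"`, while the other files lead with `"CVE_data_meta"` and keep their keys sorted. JSON key order carries no meaning, so parsers are unaffected, but it suggests this record went through a different writer than the rest. Mixed writers make later syncs produce whole-file diffs like this one, in which a real content change (a `STATE` flip or a new `ASSIGNER`) is hard to spot. Emitting every record through one serializer with sorted keys and a trailing newline (the new side ends with `\ No newline at end of file`) would keep the history reviewable.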
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68" - }, - { - "name" : "https://github.com/radare/radare2/issues/9928", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/9928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/9928", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/9928" + }, + { + "name": "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11636.json b/2018/11xxx/CVE-2018-11636.json index 083a43aed42..a16d07c293b 100644 --- a/2018/11xxx/CVE-2018-11636.json +++ b/2018/11xxx/CVE-2018-11636.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://d3adend.org/blog/?p=1398", - "refsource" : "MISC", - "url" : "https://d3adend.org/blog/?p=1398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://d3adend.org/blog/?p=1398", + "refsource": "MISC", + "url": "https://d3adend.org/blog/?p=1398" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15002.json b/2018/15xxx/CVE-2018-15002.json index 3715f2ee057..90bb954f158 100644 --- a/2018/15xxx/CVE-2018-15002.json +++ b/2018/15xxx/CVE-2018-15002.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) that contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties with the persist.* prefix can be set which will survive a reboot. On the Vivo V7 device, when the persist.sys.input.log property is set to have a value of yes, the user's screen touches be written to the logcat log by the InputDispatcher for all apps. The system-wide logcat log can be obtained from external storage via a different known vulnerability on the device. The READ_EXTERNAL_STORAGE permission is necessary to access the log files containing the user's touch coordinates. With some effort, the user's touch coordinates can be mapped to key presses on a keyboard." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - }, - { - "name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. The com.qualcomm.qti.modemtestmode app (versionCode=25, versionName=7.1.2) that contains an exported service named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app co-located on the device to provide key-value pairs to set certain system properties. Notably, system properties with the persist.* prefix can be set which will survive a reboot. 
On the Vivo V7 device, when the persist.sys.input.log property is set to have a value of yes, the user's screen touches be written to the logcat log by the InputDispatcher for all apps. The system-wide logcat log can be obtained from external storage via a different known vulnerability on the device. The READ_EXTERNAL_STORAGE permission is necessary to access the log files containing the user's touch coordinates. With some effort, the user's touch coordinates can be mapped to key presses on a keyboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" + }, + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3170.json b/2018/3xxx/CVE-2018-3170.json index a86955584c5..05a9dc384b5 100644 --- a/2018/3xxx/CVE-2018-3170.json +++ b/2018/3xxx/CVE-2018-3170.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "105607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105607" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "105607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105607" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3175.json b/2018/3xxx/CVE-2018-3175.json index 3144fdab86c..95d0ca5676b 100644 --- a/2018/3xxx/CVE-2018-3175.json +++ b/2018/3xxx/CVE-2018-3175.json 
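Review bot: In CVE-2018-3170.json the version entry pairs `"version_affected": "="` with `"version_value": "8.0.12 and prior"`, and the two contradict each other. A consumer that honours the operator performs an exact match against a string that is not a version number, so it will not report 8.0.11 or earlier as affected. The description states that the affected supported versions are 8.0.12 and prior, so the structured form should be `"version_affected": "<="` with `"version_value": "8.0.12"`. This sync only re-indents the entry, so the mismatch is carried over unchanged from the old side.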
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hyperion Common Events", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Common Events", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.2.4" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105642" - }, - { - "name" : "1041898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105642" + }, + { + "name": "1041898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041898" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3348.json b/2018/3xxx/CVE-2018-3348.json index fa24d8e696a..9fb9526c073 100644 --- a/2018/3xxx/CVE-2018-3348.json +++ b/2018/3xxx/CVE-2018-3348.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3348",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3348",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3434.json b/2018/3xxx/CVE-2018-3434.json
index fd7e465beba..d7223ab7dad 100644
--- a/2018/3xxx/CVE-2018-3434.json
+++ b/2018/3xxx/CVE-2018-3434.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3434",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3434",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3452.json b/2018/3xxx/CVE-2018-3452.json
index 1d3aa613042..404228e318a 100644
--- a/2018/3xxx/CVE-2018-3452.json
+++ b/2018/3xxx/CVE-2018-3452.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3452",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3452",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3705.json b/2018/3xxx/CVE-2018-3705.json
index 3d438dff114..83734157256 100644
--- a/2018/3xxx/CVE-2018-3705.json
+++ b/2018/3xxx/CVE-2018-3705.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@intel.com",
- "ID" : "CVE-2018-3705",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Intel System Defense Utility",
- "version" : {
- "version_data" : [
- {
- "version_value" : "All versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Intel Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Escalation of Privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@intel.com",
+ "ID": "CVE-2018-3705",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel System Defense Utility",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Intel Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00209.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00209.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00209.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00209.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7374.json b/2018/7xxx/CVE-2018-7374.json
index c2eb083c1fa..86c6ab4cbd6 100644
--- a/2018/7xxx/CVE-2018-7374.json
+++ b/2018/7xxx/CVE-2018-7374.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7374",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7374",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7881.json b/2018/7xxx/CVE-2018-7881.json
index 1c56ea3ddc7..9a96429952b 100644
--- a/2018/7xxx/CVE-2018-7881.json
+++ b/2018/7xxx/CVE-2018-7881.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7881",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7881",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7947.json b/2018/7xxx/CVE-2018-7947.json
index 813b61bea21..a368b98f6ac 100644
--- a/2018/7xxx/CVE-2018-7947.json
+++ b/2018/7xxx/CVE-2018-7947.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@huawei.com",
- "ID" : "CVE-2018-7947",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Emily-AL00A",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Versions earlier before 8.1.0.153(C00)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Huawei Technologies Co., Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "authentication bypass"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
+ "ID": "CVE-2018-7947",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Emily-AL00A",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier before 8.1.0.153(C00)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei Technologies Co., Ltd."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authentication bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8749.json b/2018/8xxx/CVE-2018-8749.json
index 32d889b69d9..288e188b0fd 100644
--- a/2018/8xxx/CVE-2018-8749.json
+++ b/2018/8xxx/CVE-2018-8749.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8749",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8749",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8819.json b/2018/8xxx/CVE-2018-8819.json
index 3f79f9d47ad..c7fc89cdbd0 100644
--- a/2018/8xxx/CVE-2018-8819.json
+++ b/2018/8xxx/CVE-2018-8819.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the \"X-Wap-Profile\" HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180608 Multiple Automated Logic Corporation WebCTRL XML External Entity Injection (CVE-2018-8819)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jun/21" - }, - { - "name" : "http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html" - }, - { - "name" : "https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html", - "refsource" : "MISC", - "url" : 
"https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the \"X-Wap-Profile\" HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180608 Multiple Automated Logic Corporation WebCTRL XML External Entity Injection (CVE-2018-8819)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jun/21" + }, + { + "name": "http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html" + }, + { + "name": "https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html", + "refsource": "MISC", + "url": "https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html" + } + ] + } +} \ No newline at end of file