From 4c7fbf6f19af83a85c07369f8194de9f74287c1d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:45:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0089.json | 180 ++++++++++++------------ 2005/0xxx/CVE-2005-0010.json | 220 ++++++++++++++--------------- 2005/0xxx/CVE-2005-0033.json | 210 +++++++++++++-------------- 2005/0xxx/CVE-2005-0436.json | 150 ++++++++++---------- 2005/0xxx/CVE-2005-0493.json | 120 ++++++++-------- 2005/0xxx/CVE-2005-0696.json | 190 ++++++++++++------------- 2005/0xxx/CVE-2005-0701.json | 140 +++++++++--------- 2005/0xxx/CVE-2005-0736.json | 190 ++++++++++++------------- 2005/1xxx/CVE-2005-1148.json | 140 +++++++++--------- 2005/1xxx/CVE-2005-1285.json | 150 ++++++++++---------- 2005/1xxx/CVE-2005-1731.json | 34 ++--- 2005/4xxx/CVE-2005-4010.json | 180 ++++++++++++------------ 2005/4xxx/CVE-2005-4037.json | 170 +++++++++++----------- 2005/4xxx/CVE-2005-4610.json | 160 ++++++++++----------- 2005/4xxx/CVE-2005-4834.json | 170 +++++++++++----------- 2009/0xxx/CVE-2009-0085.json | 180 ++++++++++++------------ 2009/0xxx/CVE-2009-0367.json | 240 +++++++++++++++---------------- 2009/0xxx/CVE-2009-0495.json | 130 ++++++++--------- 2009/0xxx/CVE-2009-0757.json | 170 +++++++++++----------- 2009/1xxx/CVE-2009-1230.json | 120 ++++++++-------- 2009/1xxx/CVE-2009-1943.json | 190 ++++++++++++------------- 2009/1xxx/CVE-2009-1947.json | 150 ++++++++++---------- 2009/4xxx/CVE-2009-4274.json | 250 ++++++++++++++++----------------- 2009/4xxx/CVE-2009-4359.json | 140 +++++++++--------- 2009/4xxx/CVE-2009-4555.json | 140 +++++++++--------- 2009/4xxx/CVE-2009-4652.json | 190 ++++++++++++------------- 2009/4xxx/CVE-2009-4801.json | 130 ++++++++--------- 2009/5xxx/CVE-2009-5032.json | 150 ++++++++++---------- 2012/2xxx/CVE-2012-2260.json | 34 ++--- 2012/2xxx/CVE-2012-2476.json | 34 ++--- 2012/2xxx/CVE-2012-2798.json | 230 +++++++++++++++--------------- 2012/3xxx/CVE-2012-3853.json | 34 ++--- 2012/3xxx/CVE-2012-3899.json | 120 ++++++++-------- 2012/3xxx/CVE-2012-3960.json | 230 +++++++++++++++--------------- 2012/6xxx/CVE-2012-6053.json | 180 ++++++++++++------------ 2012/6xxx/CVE-2012-6284.json | 34 ++--- 2012/6xxx/CVE-2012-6448.json | 34 ++--- 2012/6xxx/CVE-2012-6449.json | 34 ++--- 2015/5xxx/CVE-2015-5047.json | 34 ++--- 2015/5xxx/CVE-2015-5263.json | 150 ++++++++++---------- 2015/5xxx/CVE-2015-5887.json | 150 ++++++++++---------- 2015/5xxx/CVE-2015-5926.json | 180 ++++++++++++------------ 2018/11xxx/CVE-2018-11027.json | 130 ++++++++--------- 2018/11xxx/CVE-2018-11153.json | 140 +++++++++--------- 2018/11xxx/CVE-2018-11778.json | 132 ++++++++--------- 2018/14xxx/CVE-2018-14540.json | 34 ++--- 2018/14xxx/CVE-2018-14652.json | 180 ++++++++++++------------ 2018/15xxx/CVE-2018-15177.json | 120 ++++++++-------- 2018/15xxx/CVE-2018-15976.json | 150 ++++++++++---------- 2018/15xxx/CVE-2018-15992.json | 130 ++++++++--------- 2018/3xxx/CVE-2018-3114.json | 34 ++--- 2018/8xxx/CVE-2018-8559.json | 34 ++--- 2018/8xxx/CVE-2018-8988.json | 120 ++++++++-------- 2018/8xxx/CVE-2018-8993.json | 120 ++++++++-------- 54 files changed, 3693 insertions(+), 3693 deletions(-) diff --git a/2002/0xxx/CVE-2002-0089.json b/2002/0xxx/CVE-2002-0089.json index af7c897c142..a96fdc9de71 100644 --- a/2002/0xxx/CVE-2002-0089.json +++ b/2002/0xxx/CVE-2002-0089.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/270122" - }, - { - "name" : "http://www.esecurityonline.com/advisories/eSO2397.asp", - "refsource" : "MISC", - "url" : "http://www.esecurityonline.com/advisories/eSO2397.asp" - }, - { - "name" : "4624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4624" - }, - { - "name" : "oval:org.mitre.oval:def:67", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67" - }, - { - "name" : "oval:org.mitre.oval:def:68", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68" - }, - { - "name" : "solaris-admintool-d-bo(8954)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8954.php" - }, - { - "name" : "solaris-admintool-prodvers-bo(8955)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8955.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-admintool-prodvers-bo(8955)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8955.php" + }, + { + "name": "solaris-admintool-d-bo(8954)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8954.php" + }, + { + "name": "oval:org.mitre.oval:def:67", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67" + }, + { + "name": "4624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4624" + }, + { + "name": "http://www.esecurityonline.com/advisories/eSO2397.asp", + "refsource": "MISC", + "url": "http://www.esecurityonline.com/advisories/eSO2397.asp" + }, + { + "name": "20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/270122" + }, + { + "name": "oval:org.mitre.oval:def:68", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0010.json b/2005/0xxx/CVE-2005-0010.json index 5a73e1a750e..bda4e0b6a05 100644 --- a/2005/0xxx/CVE-2005-0010.json +++ b/2005/0xxx/CVE-2005-0010.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00017.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00017.html" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200501-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml" - }, - { - "name" : "MDKSA-2005:013", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:013" - }, - { - "name" : "RHSA-2005:037", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-037.html" - }, - { - "name" : "RHSA-2005:011", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-011.html" - }, - { - "name" : "P-106", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-106.shtml" - }, - { - "name" : "12326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12326" - }, - { - "name" : "oval:org.mitre.oval:def:9521", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9521" - }, - { - "name" : "13946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13946/" - }, - { - "name" : "ethereal-mmse-free-memory(19003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12326" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00017.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00017.html" + }, + { + "name": "RHSA-2005:037", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-037.html" + }, + { + "name": "13946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13946/" + }, + { + "name": "RHSA-2005:011", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-011.html" + }, + { + "name": "ethereal-mmse-free-memory(19003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19003" + }, + { + "name": "oval:org.mitre.oval:def:9521", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9521" + }, + { + "name": "GLSA-200501-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml" + }, + { + "name": "P-106", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-106.shtml" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "MDKSA-2005:013", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:013" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0033.json b/2005/0xxx/CVE-2005-0033.json index a9d0bb28fb4..e905f1a73a3 100644 --- a/2005/0xxx/CVE-2005-0033.json +++ b/2005/0xxx/CVE-2005-0033.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.uniras.gov.uk/niscc/docs/al-20050125-00059.html", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/niscc/docs/al-20050125-00059.html" - }, - { - "name" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php" - }, - { - "name" : "http://www.isc.org/index.pl?/sw/bind/bind8.php", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/index.pl?/sw/bind/bind8.php" - }, - { - "name" : "SCOSA-2006.1", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.1/SCOSA-2006.1.txt" - }, - { - "name" : "VU#327633", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/327633" - }, - { - "name" : "12364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12364" - }, - { - "name" : "1012996", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012996" - }, - { - "name" : "14009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14009" - }, - { - "name" : "18291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18291" - }, - { - "name" : "bind-qusedns-bo(19063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1012996", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012996" + }, + { + "name": "http://www.uniras.gov.uk/niscc/docs/al-20050125-00059.html", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/niscc/docs/al-20050125-00059.html" + }, + { + "name": "VU#327633", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/327633" + }, + { + "name": "14009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14009" + }, + { + "name": "12364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12364" + }, + { + "name": "http://www.isc.org/index.pl?/sw/bind/bind8.php", + "refsource": "CONFIRM", + "url": "http://www.isc.org/index.pl?/sw/bind/bind8.php" + }, + { + "name": "SCOSA-2006.1", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.1/SCOSA-2006.1.txt" + }, + { + "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php", + "refsource": "CONFIRM", + "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php" + }, + { + "name": "18291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18291" + }, + { + "name": "bind-qusedns-bo(19063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19063" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0436.json b/2005/0xxx/CVE-2005-0436.json index 052d9c7ede1..233c5875c03 100644 --- a/2005/0xxx/CVE-2005-0436.json +++ b/2005/0xxx/CVE-2005-0436.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050214 AWStats <= 6.4 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390368" - }, - { - "name" : "13832", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13832" - }, - { - "name" : "14299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14299" - }, - { - "name" : "awstats-function-code-execution(19336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14299" + }, + { + "name": "awstats-function-code-execution(19336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19336" + }, + { + "name": "20050214 AWStats <= 6.4 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390368" + }, + { + "name": "13832", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13832" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0493.json b/2005/0xxx/CVE-2005-0493.json index 2bf5f5fdf99..a025dd0b5ef 100644 --- a/2005/0xxx/CVE-2005-0493.json +++ b/2005/0xxx/CVE-2005-0493.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050218 BizMail 2.1 Spam Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110876655521321&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050218 BizMail 2.1 Spam Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110876655521321&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0696.json b/2005/0xxx/CVE-2005-0696.json index 55560728591..aaba0ea1703 100644 --- a/2005/0xxx/CVE-2005-0696.json +++ b/2005/0xxx/CVE-2005-0696.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050308 ArGoSoft FTP Server 1.4.2.8 Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/392653" - }, - { - "name" : "20060225 ArGoSoft FTP server remote heap overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426081/100/0/threaded" - }, - { - "name" : "20060225 ArGoSoft FTP server remote heap overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042523.html" - }, - { - "name" : "https://www.securinfos.info/english/security-advisories-alerts/20060225_ArGoSoft.FTP.Server_Heap.Overflow.html", - "refsource" : "MISC", - "url" : "https://www.securinfos.info/english/security-advisories-alerts/20060225_ArGoSoft.FTP.Server_Heap.Overflow.html" - }, - { - "name" : "12755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12755" - }, - { - "name" : "1015681", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015681" - }, - { - "name" : "14526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14526" - }, - { - "name" : "494", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050308 ArGoSoft FTP Server 1.4.2.8 Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/392653" + }, + { + "name": "14526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14526" + }, + { + "name": "1015681", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015681" + }, + { + "name": "494", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/494" + }, + { + "name": "12755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12755" + }, + { + "name": "https://www.securinfos.info/english/security-advisories-alerts/20060225_ArGoSoft.FTP.Server_Heap.Overflow.html", + "refsource": "MISC", + "url": "https://www.securinfos.info/english/security-advisories-alerts/20060225_ArGoSoft.FTP.Server_Heap.Overflow.html" + }, + { + "name": "20060225 ArGoSoft FTP server remote heap overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042523.html" + }, + { + "name": "20060225 ArGoSoft FTP server remote heap overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426081/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0701.json b/2005/0xxx/CVE-2005-0701.json index 5d11f62423f..2435d775bc1 100644 --- a/2005/0xxx/CVE-2005-0701.json +++ b/2005/0xxx/CVE-2005-0701.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via \"\\\\.\\\\..\" (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050307 - Argeniss - Oracle Database Server Directory transversal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111023635928211&w=2" - }, - { - "name" : "20050307 - Argeniss - Oracle Database Server Directory transversal", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032273.html" - }, - { - "name" : "http://www.argeniss.com/research/ARGENISS-ADV-030501.txt", - "refsource" : "MISC", - "url" : "http://www.argeniss.com/research/ARGENISS-ADV-030501.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via \"\\\\.\\\\..\" (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050307 - Argeniss - Oracle Database Server Directory transversal", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032273.html" + }, + { + "name": "20050307 - Argeniss - Oracle Database Server Directory transversal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111023635928211&w=2" + }, + { + "name": "http://www.argeniss.com/research/ARGENISS-ADV-030501.txt", + "refsource": "MISC", + "url": "http://www.argeniss.com/research/ARGENISS-ADV-030501.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0736.json b/2005/0xxx/CVE-2005-0736.json index e83a326b3b6..ecc5b0e368d 100644 --- a/2005/0xxx/CVE-2005-0736.json +++ b/2005/0xxx/CVE-2005-0736.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050309 overwriting low kernel memory", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d" - }, - { - "name" : "RHSA-2005:293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-293.html" - }, - { - "name" : "RHSA-2005:366", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" - }, - { - "name" : "SUSE-SA:2005:018", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_18_kernel.html" - }, - { - "name" : "USN-95-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/95-1/" - }, - { - "name" : "12763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12763" - }, - { - "name" : "oval:org.mitre.oval:def:9870", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:366", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html" + }, + { + "name": "12763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12763" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.6/cset@422dd06a1p5PsyFhoGAJseinjEq3ew?nav=index.html|ChangeSet@-1d" + }, + { + "name": "SUSE-SA:2005:018", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_18_kernel.html" + }, + { + "name": "20050309 overwriting low kernel memory", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html" + }, + { + "name": "oval:org.mitre.oval:def:9870", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9870" + }, + { + "name": "RHSA-2005:293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html" + }, + { + "name": "USN-95-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/95-1/" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1148.json b/2005/1xxx/CVE-2005-1148.json index aa6a4040627..c9802decda6 100644 --- a/2005/1xxx/CVE-2005-1148.json +++ b/2005/1xxx/CVE-2005-1148.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.snkenjoi.com/secadv/secadv3.txt", - "refsource" : "MISC", - "url" : "http://www.snkenjoi.com/secadv/secadv3.txt" - }, - { - "name" : "1013705", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013705" - }, - { - "name" : "calendarscript-path-disclosure(20102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013705", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013705" + }, + { + "name": "http://www.snkenjoi.com/secadv/secadv3.txt", + "refsource": "MISC", + "url": "http://www.snkenjoi.com/secadv/secadv3.txt" + }, + { + "name": "calendarscript-path-disclosure(20102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20102" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1285.json b/2005/1xxx/CVE-2005-1285.json index c2a541a5ddd..f471ea93f6c 100644 --- a/2005/1xxx/CVE-2005-1285.json +++ b/2005/1xxx/CVE-2005-1285.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050422 [SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111420516900814&w=2" - }, - { - "name" : "13325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13325" - }, - { - "name" : "1013790", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013790" - }, - { - "name" : "15058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050422 [SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111420516900814&w=2" + }, + { + "name": "1013790", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013790" + }, + { + "name": "15058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15058" + }, + { + "name": "13325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13325" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1731.json b/2005/1xxx/CVE-2005-1731.json index 85e748bf342..959b02418a0 100644 --- a/2005/1xxx/CVE-2005-1731.json +++ b/2005/1xxx/CVE-2005-1731.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1731", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1731", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4010.json b/2005/4xxx/CVE-2005-4010.json index 9f3246d66e2..4a718fcf42c 100644 --- a/2005/4xxx/CVE-2005-4010.json +++ b/2005/4xxx/CVE-2005-4010.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html" - }, - { - "name" : "15635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15635" - }, - { - "name" : "ADV-2005-2641", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2641" - }, - { - "name" : "21340", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21340" - }, - { - "name" : "21341", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21341" - }, - { - "name" : "17806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17806" - }, - { - "name" : "kbaseexpress-multiple-sql-injection(23309)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21340", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21340" + }, + { + "name": "ADV-2005-2641", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2641" + }, + { + "name": "17806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17806" + }, + { + "name": "21341", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21341" + }, + { + "name": "kbaseexpress-multiple-sql-injection(23309)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23309" + }, + { + "name": "15635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15635" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4037.json b/2005/4xxx/CVE-2005-4037.json index cc28d913efd..c2fd4175954 100644 --- a/2005/4xxx/CVE-2005-4037.json +++ b/2005/4xxx/CVE-2005-4037.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/web4future-affiliate-manager-pro-sql.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/web4future-affiliate-manager-pro-sql.html" - }, - { - "name" : "15717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15717" - }, - { - "name" : "ADV-2005-2745", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2745" - }, - { - "name" : "21457", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21457" - }, - { - "name" : "17883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17883" - }, - { - "name" : "affiliatemanager-functions-sql-injection(23415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21457", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21457" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/web4future-affiliate-manager-pro-sql.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/web4future-affiliate-manager-pro-sql.html" + }, + { + "name": "15717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15717" + }, + { + "name": "affiliatemanager-functions-sql-injection(23415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23415" + }, + { + "name": "17883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17883" + }, + { + "name": "ADV-2005-2745", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2745" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4610.json b/2005/4xxx/CVE-2005-4610.json index 98ddc7831e2..010c61257b0 100644 --- a/2005/4xxx/CVE-2005-4610.json +++ b/2005/4xxx/CVE-2005-4610.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=381793", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=381793" - }, - { - "name" : "16104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16104" - }, - { - "name" : "ADV-2006-0001", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0001" - }, - { - "name" : "22125", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22125" - }, - { - "name" : "18246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18246" + }, + { + "name": "16104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16104" + }, + { + "name": "22125", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22125" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=381793", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=381793" + }, + { + "name": "ADV-2006-0001", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0001" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4834.json b/2005/4xxx/CVE-2005-4834.json index 16ca61408e2..4edbf69d531 100644 --- a/2005/4xxx/CVE-2005-4834.json +++ b/2005/4xxx/CVE-2005-4834.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541" - }, - { - "name" : "PK28963", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24013840" - }, - { - "name" : "PQ99537", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24008814" - }, - { - "name" : "22991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22991" - }, - { - "name" : "ADV-2007-0970", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0970" - }, - { - "name" : "24478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0970", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0970" + }, + { + "name": "24478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24478" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541" + }, + { + "name": "PQ99537", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24008814" + }, + { + "name": "22991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22991" + }, + { + "name": "PK28963", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013840" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0085.json b/2009/0xxx/CVE-2009-0085.json index a6e3dc53d45..b12c3b67030 100644 --- a/2009/0xxx/CVE-2009-0085.json +++ b/2009/0xxx/CVE-2009-0085.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka \"SChannel Spoofing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-007", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-007" - }, - { - "name" : "TA09-069A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-069A.html" - }, - { - "name" : "52521", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52521" - }, - { - "name" : "oval:org.mitre.oval:def:6011", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6011" - }, - { - "name" : "1021828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021828" - }, - { - "name" : "34215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34215" - }, - { - "name" : "ADV-2009-0660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka \"SChannel Spoofing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-007", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-007" + }, + { + "name": "1021828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021828" + }, + { + "name": "TA09-069A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-069A.html" + }, + { + "name": "ADV-2009-0660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0660" + }, + { + "name": "oval:org.mitre.oval:def:6011", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6011" + }, + { + "name": "34215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34215" + }, + { + "name": "52521", + "refsource": "OSVDB", + "url": "http://osvdb.org/52521" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0367.json b/2009/0xxx/CVE-2009-0367.json index 887a9b0724e..2c5d7e88839 100644 --- a/2009/0xxx/CVE-2009-0367.json +++ b/2009/0xxx/CVE-2009-0367.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wesnoth.org/forum/viewtopic.php?t=24247", - "refsource" : "CONFIRM", - "url" : "http://www.wesnoth.org/forum/viewtopic.php?t=24247" - }, - { - "name" : "http://www.wesnoth.org/forum/viewtopic.php?t=24340", - "refsource" : "CONFIRM", - "url" : "http://www.wesnoth.org/forum/viewtopic.php?t=24340" - }, - { - "name" : "https://gna.org/bugs/index.php?13048", - "refsource" : "CONFIRM", - "url" : "https://gna.org/bugs/index.php?13048" - }, - { - "name" : "http://launchpad.net/bugs/335089", - "refsource" : "CONFIRM", - "url" : "http://launchpad.net/bugs/335089" - }, - { - "name" : "http://launchpad.net/bugs/336396", - "refsource" : "CONFIRM", - "url" : "http://launchpad.net/bugs/336396" - }, - { - "name" : "http://launchpad.net/bugs/cve/2009-0367", - "refsource" : "CONFIRM", - "url" : "http://launchpad.net/bugs/cve/2009-0367" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog" - }, - { - "name" : "DSA-1737", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1737" - }, - { - "name" : "34058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34058" - }, - { - "name" : "34236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34236" - }, - { - "name" : "ADV-2009-0595", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0595" - }, - { - "name" : "wesnoth-pythonai-code-execution(49058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://launchpad.net/bugs/336396", + "refsource": "CONFIRM", + "url": "http://launchpad.net/bugs/336396" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog" + }, + { + "name": "https://gna.org/bugs/index.php?13048", + "refsource": "CONFIRM", + "url": "https://gna.org/bugs/index.php?13048" + }, + { + "name": "wesnoth-pythonai-code-execution(49058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49058" + }, + { + "name": "http://www.wesnoth.org/forum/viewtopic.php?t=24340", + "refsource": "CONFIRM", + "url": "http://www.wesnoth.org/forum/viewtopic.php?t=24340" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog" + }, + { + "name": "http://www.wesnoth.org/forum/viewtopic.php?t=24247", + "refsource": "CONFIRM", + "url": "http://www.wesnoth.org/forum/viewtopic.php?t=24247" + }, + { + "name": "34058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34058" + }, + { + "name": "ADV-2009-0595", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0595" + }, + { + "name": "http://launchpad.net/bugs/cve/2009-0367", + "refsource": "CONFIRM", + "url": "http://launchpad.net/bugs/cve/2009-0367" + }, + { + "name": "34236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34236" + }, + { + "name": "DSA-1737", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1737" + }, + { + "name": "http://launchpad.net/bugs/335089", + "refsource": "CONFIRM", + "url": "http://launchpad.net/bugs/335089" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0495.json b/2009/0xxx/CVE-2009-0495.json index 441fced843d..9cc11c14525 100644 --- a/2009/0xxx/CVE-2009-0495.json +++ b/2009/0xxx/CVE-2009-0495.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7743", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7743" - }, - { - "name" : "33227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7743", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7743" + }, + { + "name": "33227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33227" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0757.json b/2009/0xxx/CVE-2009-0757.json index 81918681b07..b2d2fb8a968 100644 --- a/2009/0xxx/CVE-2009-0757.json +++ b/2009/0xxx/CVE-2009-0757.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090302 CVE Request: mpfr (Buffer Overflow)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/02/4" - }, - { - "name" : "http://mpfr.loria.fr/mpfr-2.4.1/", - "refsource" : "CONFIRM", - "url" : "http://mpfr.loria.fr/mpfr-2.4.1/" - }, - { - "name" : "USN-772-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-772-1" - }, - { - "name" : "33945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33945" - }, - { - "name" : "34204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34204" - }, - { - "name" : "35028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34204" + }, + { + "name": "USN-772-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-772-1" + }, + { + "name": "http://mpfr.loria.fr/mpfr-2.4.1/", + "refsource": "CONFIRM", + "url": "http://mpfr.loria.fr/mpfr-2.4.1/" + }, + { + "name": "33945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33945" + }, + { + "name": "[oss-security] 20090302 CVE Request: mpfr (Buffer Overflow)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/02/4" + }, + { + "name": "35028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35028" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1230.json b/2009/1xxx/CVE-2009-1230.json index e270b66ac6d..c46bb0827a4 100644 --- a/2009/1xxx/CVE-2009-1230.json +++ b/2009/1xxx/CVE-2009-1230.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8324", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8324", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8324" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1943.json b/2009/1xxx/CVE-2009-1943.json index b4cd40fc8b4..6bc40749cbb 100644 --- a/2009/1xxx/CVE-2009-1943.json +++ b/2009/1xxx/CVE-2009-1943.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090601 ZDI-09-024: Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503981/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-024/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-024/" - }, - { - "name" : "35154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35154" - }, - { - "name" : "54831", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54831" - }, - { - "name" : "1022316", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022316" - }, - { - "name" : "35280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35280" - }, - { - "name" : "ADV-2009-1472", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1472" - }, - { - "name" : "softremote-ireike-bo(50880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1472", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1472" + }, + { + "name": "1022316", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022316" + }, + { + "name": "54831", + "refsource": "OSVDB", + "url": "http://osvdb.org/54831" + }, + { + "name": "35280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35280" + }, + { + "name": "35154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35154" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-024/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-024/" + }, + { + "name": "softremote-ireike-bo(50880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50880" + }, + { + "name": "20090601 ZDI-09-024: Safenet SoftRemote IKE Service Remote Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503981/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1947.json b/2009/1xxx/CVE-2009-1947.json index 07ac4cd913a..d4aba0b57ce 100644 --- a/2009/1xxx/CVE-2009-1947.json +++ b/2009/1xxx/CVE-2009-1947.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8841", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8841" - }, - { - "name" : "35183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35183" - }, - { - "name" : "35299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35299" - }, - { - "name" : "unb-forum-sql-injection(50876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "unb-forum-sql-injection(50876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50876" + }, + { + "name": "35183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35183" + }, + { + "name": "35299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35299" + }, + { + "name": "8841", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8841" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4274.json b/2009/4xxx/CVE-2009-4274.json index b5581d07cca..87e84a34fa1 100644 --- a/2009/4xxx/CVE-2009-4274.json +++ b/2009/4xxx/CVE-2009-4274.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/02/09/11" - }, - { - "name" : "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076", - "refsource" : "CONFIRM", - "url" : "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076" - }, - { - "name" : "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup", - "refsource" : "CONFIRM", - "url" : "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546580", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546580" - }, - { - "name" : "DSA-2026", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2026" - }, - { - "name" : "MDVSA-2010:039", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039" - }, - { - "name" : "RHSA-2011:1811", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1811.html" - }, - { - "name" : "SUSE-SR:2010:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" - }, - { - "name" : "38164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38164" - }, - { - "name" : "38530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38530" - }, - { - "name" : "38915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38915" - }, - { - "name" : "ADV-2010-0358", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0358" - }, - { - "name" : "ADV-2010-0780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0780" - }, - { - "name" : "netpbm-xpm-bo(56207)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:1811", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html" + }, + { + "name": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076", + "refsource": "CONFIRM", + "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076" + }, + { + "name": "ADV-2010-0358", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0358" + }, + { + "name": "38530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38530" + }, + { + "name": "[oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/02/09/11" + }, + { + "name": "ADV-2010-0780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0780" + }, + { + "name": "netpbm-xpm-bo(56207)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=546580", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580" + }, + { + "name": "SUSE-SR:2010:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" + }, + { + "name": "DSA-2026", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2026" + }, + { + "name": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup", + "refsource": "CONFIRM", + "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup" + }, + { + "name": "38915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38915" + }, + { + "name": "38164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38164" + }, + { + "name": "MDVSA-2010:039", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4359.json b/2009/4xxx/CVE-2009-4359.json index 7a4188cd19b..b27001e19ac 100644 --- a/2009/4xxx/CVE-2009-4359.json +++ b/2009/4xxx/CVE-2009-4359.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.packetstormsecurity.org/0911-exploits/xoopssmartmedia-xss.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0911-exploits/xoopssmartmedia-xss.txt" - }, - { - "name" : "37156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37156" - }, - { - "name" : "smartmedia-folder-xss(54488)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in folder.php in the SmartMedia 0.85 Beta module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the categoryid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37156" + }, + { + "name": "http://www.packetstormsecurity.org/0911-exploits/xoopssmartmedia-xss.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0911-exploits/xoopssmartmedia-xss.txt" + }, + { + "name": "smartmedia-folder-xss(54488)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54488" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4555.json b/2009/4xxx/CVE-2009-4555.json index 8de603dcf1a..4aca12c5598 100644 --- a/2009/4xxx/CVE-2009-4555.json +++ b/2009/4xxx/CVE-2009-4555.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/129/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/129/45/" - }, - { - "name" : "36789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36789" - }, - { - "name" : "agoracart-unspecified-csrf(53808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change the password of an administrative account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36789" + }, + { + "name": "http://holisticinfosec.org/content/view/129/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/129/45/" + }, + { + "name": "agoracart-unspecified-csrf(53808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53808" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4652.json b/2009/4xxx/CVE-2009-4652.json index 3d37caf0f91..5632e26a02d 100644 --- a/2009/4xxx/CVE-2009-4652.json +++ b/2009/4xxx/CVE-2009-4652.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=blobdiff;f=src/ngircd/conn.c;h=c6095a31c613bc5ca127d55b8723e15b836f1cca;hp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c;hb=627b0b713c52406e50c84bb9459e7794262920a2;hpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e", - "refsource" : "MISC", - "url" : "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=blobdiff;f=src/ngircd/conn.c;h=c6095a31c613bc5ca127d55b8723e15b836f1cca;hp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c;hb=627b0b713c52406e50c84bb9459e7794262920a2;hpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e" - }, - { - "name" : "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=627b0b713c52406e50c84bb9459e7794262920a2", - "refsource" : "CONFIRM", - "url" : "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=627b0b713c52406e50c84bb9459e7794262920a2" - }, - { - "name" : "http://ngircd.barton.de/doc/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://ngircd.barton.de/doc/ChangeLog" - }, - { - "name" : "http://ngircd.barton.de/doc/NEWS", - "refsource" : "CONFIRM", - "url" : "http://ngircd.barton.de/doc/NEWS" - }, - { - "name" : "37021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37021" - }, - { - "name" : "37343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37343" - }, - { - "name" : "ADV-2009-3240", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3240" - }, - { - "name" : "ngircd-ssltls-dos(54272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=blobdiff;f=src/ngircd/conn.c;h=c6095a31c613bc5ca127d55b8723e15b836f1cca;hp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c;hb=627b0b713c52406e50c84bb9459e7794262920a2;hpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e", + "refsource": "MISC", + "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=blobdiff;f=src/ngircd/conn.c;h=c6095a31c613bc5ca127d55b8723e15b836f1cca;hp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c;hb=627b0b713c52406e50c84bb9459e7794262920a2;hpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e" + }, + { + "name": "http://ngircd.barton.de/doc/ChangeLog", + "refsource": "CONFIRM", + "url": "http://ngircd.barton.de/doc/ChangeLog" + }, + { + "name": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=627b0b713c52406e50c84bb9459e7794262920a2", + "refsource": "CONFIRM", + "url": "http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commit;h=627b0b713c52406e50c84bb9459e7794262920a2" + }, + { + "name": "37021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37021" + }, + { + "name": "ADV-2009-3240", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3240" + }, + { + "name": "37343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37343" + }, + { + "name": "http://ngircd.barton.de/doc/NEWS", + "refsource": "CONFIRM", + "url": "http://ngircd.barton.de/doc/NEWS" + }, + { + "name": "ngircd-ssltls-dos(54272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54272" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4801.json b/2009/4xxx/CVE-2009-4801.json index 0c7a98f2787..f2414883cc5 100644 --- a/2009/4xxx/CVE-2009-4801.json +++ b/2009/4xxx/CVE-2009-4801.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090301 EZ-Blog Beta 1 Multiple SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501352/100/0/threaded" - }, - { - "name" : "8128", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8128", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8128" + }, + { + "name": "20090301 EZ-Blog Beta 1 Multiple SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501352/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5032.json b/2009/5xxx/CVE-2009-5032.json index 14236636148..a6c72393151 100644 --- a/2009/5xxx/CVE-2009-5032.json +++ b/2009/5xxx/CVE-2009-5032.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1" - }, - { - "name" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" - }, - { - "name" : "LO38116", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO38116" - }, - { - "name" : "ibm-lnt-email-information-disclosure(64743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" + }, + { + "name": "ibm-lnt-email-information-disclosure(64743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64743" + }, + { + "name": "LO38116", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO38116" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2260.json b/2012/2xxx/CVE-2012-2260.json index 3d94f01a808..252556ff402 100644 --- a/2012/2xxx/CVE-2012-2260.json +++ b/2012/2xxx/CVE-2012-2260.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2260", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2260", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2476.json b/2012/2xxx/CVE-2012-2476.json index d0e48a7e5de..f8ad162e280 100644 --- a/2012/2xxx/CVE-2012-2476.json +++ b/2012/2xxx/CVE-2012-2476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2798.json b/2012/2xxx/CVE-2012-2798.json index 8745c369a09..86bad7a73bc 100644 --- a/2012/2xxx/CVE-2012-2798.json +++ b/2012/2xxx/CVE-2012-2798.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array write.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.4.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.5.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.5.changelog" - }, - { - "name" : "MDVSA-2013:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" - }, - { - "name" : "USN-1705-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1705-1" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - }, - { - "name" : "51257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array write.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://libav.org/releases/libav-0.8.5.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.5.changelog" + }, + { + "name": "http://libav.org/releases/libav-0.8.4.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.4.changelog" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "MDVSA-2013:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "USN-1705-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1705-1" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "51257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51257" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3853.json b/2012/3xxx/CVE-2012-3853.json index 39ffa3e6bf2..568f304623f 100644 --- a/2012/3xxx/CVE-2012-3853.json +++ b/2012/3xxx/CVE-2012-3853.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3853", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3853", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3899.json b/2012/3xxx/CVE-2012-3899.json index af3a2539dea..d5ba17fa8a9 100644 --- a/2012/3xxx/CVE-2012-3899.json +++ b/2012/3xxx/CVE-2012-3899.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3960.json b/2012/3xxx/CVE-2012-3960.json index df69c67c82e..a502e6745e7 100644 --- a/2012/3xxx/CVE-2012-3960.json +++ b/2012/3xxx/CVE-2012-3960.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771976", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771976" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "RHSA-2012:1211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html" - }, - { - "name" : "RHSA-2012:1210", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "55325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55325" - }, - { - "name" : "oval:org.mitre.oval:def:16853", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" + }, + { + "name": "oval:org.mitre.oval:def:16853", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "RHSA-2012:1210", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=771976", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=771976" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "55325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55325" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6053.json b/2012/6xxx/CVE-2012-6053.json index f93ee78acc6..ed755d834d1 100644 --- a/2012/6xxx/CVE-2012-6053.json +++ b/2012/6xxx/CVE-2012-6053.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-usb.c?r1=45310&r2=45309&pathrev=45310", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-usb.c?r1=45310&r2=45309&pathrev=45310" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45310", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45310" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-31.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7787", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7787" - }, - { - "name" : "openSUSE-SU-2012:1633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html" - }, - { - "name" : "openSUSE-SU-2013:0151", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:15915", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15915", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15915" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7787", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7787" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-31.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-31.html" + }, + { + "name": "openSUSE-SU-2012:1633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html" + }, + { + "name": "openSUSE-SU-2013:0151", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45310", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45310" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-usb.c?r1=45310&r2=45309&pathrev=45310", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-usb.c?r1=45310&r2=45309&pathrev=45310" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6284.json b/2012/6xxx/CVE-2012-6284.json index 687696e9ae8..e1b83fcd08b 100644 --- a/2012/6xxx/CVE-2012-6284.json +++ b/2012/6xxx/CVE-2012-6284.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6284", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6284", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6448.json b/2012/6xxx/CVE-2012-6448.json index 72b5acdfc95..d2685faea3c 100644 --- a/2012/6xxx/CVE-2012-6448.json +++ b/2012/6xxx/CVE-2012-6448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6449.json b/2012/6xxx/CVE-2012-6449.json index fe11355a658..cbf76f13557 100644 --- a/2012/6xxx/CVE-2012-6449.json +++ b/2012/6xxx/CVE-2012-6449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5047.json b/2015/5xxx/CVE-2015-5047.json index e602a583d91..e39547444c1 100644 --- a/2015/5xxx/CVE-2015-5047.json +++ b/2015/5xxx/CVE-2015-5047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5263.json b/2015/5xxx/CVE-2015-5263.json index da2f92be258..b769eb164e6 100644 --- a/2015/5xxx/CVE-2015-5263.json +++ b/2015/5xxx/CVE-2015-5263.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150924 Pulp 2.6.4 released for CVE-2015-5263", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/24/4" - }, - { - "name" : "http://cve.killedkenny.io/cve/CVE-2015-5263", - "refsource" : "MISC", - "url" : "http://cve.killedkenny.io/cve/CVE-2015-5263" - }, - { - "name" : "https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103", - "refsource" : "CONFIRM", - "url" : "https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103" - }, - { - "name" : "https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754", - "refsource" : "CONFIRM", - "url" : "https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cve.killedkenny.io/cve/CVE-2015-5263", + "refsource": "MISC", + "url": "http://cve.killedkenny.io/cve/CVE-2015-5263" + }, + { + "name": "[oss-security] 20150924 Pulp 2.6.4 released for CVE-2015-5263", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/24/4" + }, + { + "name": "https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754", + "refsource": "CONFIRM", + "url": "https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754" + }, + { + "name": "https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103", + "refsource": "CONFIRM", + "url": "https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5887.json b/2015/5xxx/CVE-2015-5887.json index fb57093ec9d..37cfb7d52ca 100644 --- a/2015/5xxx/CVE-2015-5887.json +++ b/2015/5xxx/CVE-2015-5887.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76908" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "76908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76908" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5926.json b/2015/5xxx/CVE-2015-5926.json index 1039bca12a1..78b1025929f 100644 --- a/2015/5xxx/CVE-2015-5926.json +++ b/2015/5xxx/CVE-2015-5926.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205370", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205370" - }, - { - "name" : "https://support.apple.com/HT205375", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205375" - }, - { - "name" : "https://support.apple.com/HT205378", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205378" - }, - { - "name" : "APPLE-SA-2015-10-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-10-21-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-10-21-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" - }, - { - "name" : "1033929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html" + }, + { + "name": "APPLE-SA-2015-10-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" + }, + { + "name": "https://support.apple.com/HT205375", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205375" + }, + { + "name": "APPLE-SA-2015-10-21-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html" + }, + { + "name": "https://support.apple.com/HT205370", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205370" + }, + { + "name": "https://support.apple.com/HT205378", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205378" + }, + { + "name": "1033929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033929" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11027.json b/2018/11xxx/CVE-2018-11027.json index ee9f7630a11..30f968e2e3c 100644 --- a/2018/11xxx/CVE-2018-11027.json +++ b/2018/11xxx/CVE-2018-11027.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180524 Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/542040/100/0/threaded" - }, - { - "name" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11027", - "refsource" : "MISC", - "url" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180524 Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/542040/100/0/threaded" + }, + { + "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11027", + "refsource": "MISC", + "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11027" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11153.json b/2018/11xxx/CVE-2018-11153.json index b2abd86c06e..89656a8ba90 100644 --- a/2018/11xxx/CVE-2018-11153.json +++ b/2018/11xxx/CVE-2018-11153.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11778.json b/2018/11xxx/CVE-2018-11778.json index 63ddb49acd6..4d1e23056ac 100644 --- a/2018/11xxx/CVE-2018-11778.json +++ b/2018/11xxx/CVE-2018-11778.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-10-04T00:00:00", - "ID" : "CVE-2018-11778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Ranger", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-10-04T00:00:00", + "ID": "CVE-2018-11778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Ranger", + "version": { + "version_data": [ + { + "version_value": "prior to 1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0", - "refsource" : "MLIST", - "url" : "https://seclists.org/oss-sec/2018/q4/11" - }, - { - "name" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" + }, + { + "name": "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0", + "refsource": "MLIST", + "url": "https://seclists.org/oss-sec/2018/q4/11" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14540.json b/2018/14xxx/CVE-2018-14540.json index 96d4a63a96e..aa0cc76d234 100644 --- a/2018/14xxx/CVE-2018-14540.json +++ b/2018/14xxx/CVE-2018-14540.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14540", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14540", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14652.json b/2018/14xxx/CVE-2018-14652.json index 1ada5a041c2..cbfd26adb23 100644 --- a/2018/14xxx/CVE-2018-14652.json +++ b/2018/14xxx/CVE-2018-14652.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-14652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glusterfs", - "version" : { - "version_data" : [ - { - "version_value" : "through 3.12 and 4.1.4" - } - ] - } - } - ] - }, - "vendor_name" : "The Gluster Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-120" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glusterfs", + "version": { + "version_data": [ + { + "version_value": "through 3.12 and 4.1.4" + } + ] + } + } + ] + }, + "vendor_name": "The Gluster Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652" - }, - { - "name" : "RHSA-2018:3431", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3431" - }, - { - "name" : "RHSA-2018:3432", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3432" - }, - { - "name" : "RHSA-2018:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3431", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3431" + }, + { + "name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652" + }, + { + "name": "RHSA-2018:3432", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3432" + }, + { + "name": "RHSA-2018:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3470" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15177.json b/2018/15xxx/CVE-2018-15177.json index b89761d652e..22f5dfa0d19 100644 --- a/2018/15xxx/CVE-2018-15177.json +++ b/2018/15xxx/CVE-2018-15177.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/gxlcms/gxlcms_news_system_2/issues/ILVLP", - "refsource" : "MISC", - "url" : "https://gitee.com/gxlcms/gxlcms_news_system_2/issues/ILVLP" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitee.com/gxlcms/gxlcms_news_system_2/issues/ILVLP", + "refsource": "MISC", + "url": "https://gitee.com/gxlcms/gxlcms_news_system_2/issues/ILVLP" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15976.json b/2018/15xxx/CVE-2018-15976.json index ac75bdcfa03..0d416f4e435 100644 --- a/2018/15xxx/CVE-2018-15976.json +++ b/2018/15xxx/CVE-2018-15976.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Technical Communications Suite", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.5.1 and below versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Library Loading (DLL hijacking)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Technical Communications Suite", + "version": { + "version_data": [ + { + "version_value": "1.0.5.1 and below versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/techcommsuite/apsb18-38.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/techcommsuite/apsb18-38.html" - }, - { - "name" : "105535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105535" - }, - { - "name" : "1041819", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041819" - }, - { - "name" : "1041820", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Library Loading (DLL hijacking)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105535" + }, + { + "name": "1041820", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041820" + }, + { + "name": "https://helpx.adobe.com/security/products/techcommsuite/apsb18-38.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/techcommsuite/apsb18-38.html" + }, + { + "name": "1041819", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041819" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15992.json b/2018/15xxx/CVE-2018-15992.json index 1dbc197825d..6f2f0d5e10d 100644 --- a/2018/15xxx/CVE-2018-15992.json +++ b/2018/15xxx/CVE-2018-15992.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3114.json b/2018/3xxx/CVE-2018-3114.json index 7fe2e03f32f..9aa25ea855d 100644 --- a/2018/3xxx/CVE-2018-3114.json +++ b/2018/3xxx/CVE-2018-3114.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3114", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3114", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8559.json b/2018/8xxx/CVE-2018-8559.json index 394dc55e9b2..771877ef4ad 100644 --- a/2018/8xxx/CVE-2018-8559.json +++ b/2018/8xxx/CVE-2018-8559.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8559", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8559", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8988.json b/2018/8xxx/CVE-2018-8988.json index ebef280cec4..3740c282dcc 100644 --- a/2018/8xxx/CVE-2018-8988.json +++ b/2018/8xxx/CVE-2018-8988.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002008", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002008", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002008" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8993.json b/2018/8xxx/CVE-2018-8993.json index b555298c824..4ed419db240 100644 --- a/2018/8xxx/CVE-2018-8993.json +++ b/2018/8xxx/CVE-2018-8993.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002001", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002001", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002001" + } + ] + } +} \ No newline at end of file