From 5220e34cf28374322f16c0751a49e83bcc822461 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:42:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/2xxx/CVE-2002-2123.json | 140 ++++----- 2005/0xxx/CVE-2005-0589.json | 180 +++++------ 2005/1xxx/CVE-2005-1117.json | 140 ++++----- 2005/1xxx/CVE-2005-1203.json | 180 +++++------ 2005/1xxx/CVE-2005-1303.json | 120 ++++---- 2005/1xxx/CVE-2005-1502.json | 200 ++++++------- 2005/1xxx/CVE-2005-1849.json | 450 ++++++++++++++-------------- 2005/1xxx/CVE-2005-1907.json | 170 +++++------ 2005/3xxx/CVE-2005-3906.json | 270 ++++++++--------- 2005/4xxx/CVE-2005-4087.json | 150 +++++----- 2005/4xxx/CVE-2005-4528.json | 150 +++++----- 2005/4xxx/CVE-2005-4798.json | 220 +++++++------- 2009/0xxx/CVE-2009-0205.json | 34 +-- 2009/0xxx/CVE-2009-0662.json | 160 +++++----- 2009/0xxx/CVE-2009-0800.json | 530 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1068.json | 200 ++++++------- 2009/1xxx/CVE-2009-1169.json | 430 +++++++++++++------------- 2009/1xxx/CVE-2009-1476.json | 170 +++++------ 2009/1xxx/CVE-2009-1852.json | 140 ++++----- 2009/1xxx/CVE-2009-1936.json | 140 ++++----- 2009/1xxx/CVE-2009-1985.json | 170 +++++------ 2009/4xxx/CVE-2009-4298.json | 200 ++++++------- 2009/4xxx/CVE-2009-4437.json | 160 +++++----- 2009/4xxx/CVE-2009-4844.json | 140 ++++----- 2009/4xxx/CVE-2009-4894.json | 120 ++++---- 2012/2xxx/CVE-2012-2137.json | 260 ++++++++-------- 2012/2xxx/CVE-2012-2256.json | 34 +-- 2012/2xxx/CVE-2012-2392.json | 230 +++++++------- 2012/2xxx/CVE-2012-2985.json | 120 ++++---- 2012/3xxx/CVE-2012-3205.json | 140 ++++----- 2012/3xxx/CVE-2012-3300.json | 140 ++++----- 2012/6xxx/CVE-2012-6410.json | 34 +-- 2012/6xxx/CVE-2012-6620.json | 170 +++++------ 2012/6xxx/CVE-2012-6701.json | 170 +++++------ 2015/1xxx/CVE-2015-1489.json | 150 +++++----- 2015/5xxx/CVE-2015-5245.json | 140 ++++----- 2015/5xxx/CVE-2015-5252.json | 350 +++++++++++----------- 2015/5xxx/CVE-2015-5810.json | 200 ++++++------- 2015/5xxx/CVE-2015-5916.json | 190 ++++++------ 2015/5xxx/CVE-2015-5948.json | 150 
+++++----- 2018/11xxx/CVE-2018-11046.json | 150 +++++----- 2018/11xxx/CVE-2018-11095.json | 130 ++++---- 2018/11xxx/CVE-2018-11531.json | 160 +++++----- 2018/11xxx/CVE-2018-11793.json | 132 ++++---- 2018/11xxx/CVE-2018-11809.json | 34 +-- 2018/11xxx/CVE-2018-11827.json | 130 ++++---- 2018/15xxx/CVE-2018-15139.json | 130 ++++---- 2018/15xxx/CVE-2018-15985.json | 130 ++++---- 2018/3xxx/CVE-2018-3068.json | 142 ++++----- 2018/8xxx/CVE-2018-8630.json | 34 +-- 2018/8xxx/CVE-2018-8785.json | 152 +++++----- 2018/8xxx/CVE-2018-8895.json | 120 ++++---- 2018/8xxx/CVE-2018-8956.json | 34 +-- 53 files changed, 4460 insertions(+), 4460 deletions(-)
diff --git a/2002/2xxx/CVE-2002-2123.json b/2002/2xxx/CVE-2002-2123.json
index 90c5788851a..43fddcc5810 100644
--- a/2002/2xxx/CVE-2002-2123.json
+++ b/2002/2xxx/CVE-2002-2123.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/304611" - }, - { - "name" : "6489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6489" - }, - { - "name" : "gallery-winxppublishing-command-execution(10943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP 
code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gallery-winxppublishing-command-execution(10943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10943" + }, + { + "name": "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/304611" + }, + { + "name": "6489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6489" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0589.json b/2005/0xxx/CVE-2005-0589.json index d1618275f95..4070c396b1d 100644 --- a/2005/0xxx/CVE-2005-0589.json +++ b/2005/0xxx/CVE-2005-0589.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-19.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=270697", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=270697" - }, - { - "name" : "GLSA-200503-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" - }, - { - "name" : "RHSA-2005:176", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html" - }, - { - "name" : "12659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12659" - }, - { - "name" : 
"oval:org.mitre.oval:def:100039", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039" - }, - { - "name" : "oval:org.mitre.oval:def:10825", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12659" + }, + { + "name": "oval:org.mitre.oval:def:10825", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825" + }, + { + "name": "oval:org.mitre.oval:def:100039", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-19.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-19.html" + }, + { + "name": "RHSA-2005:176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html" + }, + { + "name": "GLSA-200503-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=270697", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=270697" + } + ] + } +} \ No newline at end of 
file diff --git a/2005/1xxx/CVE-2005-1117.json b/2005/1xxx/CVE-2005-1117.json index b7a63cc1452..63320969944 100644 --- a/2005/1xxx/CVE-2005-1117.json +++ b/2005/1xxx/CVE-2005-1117.json 
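Review bot: `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of the CVE-2005-0589.json hunk, and nothing in the commit subject says so; every other line in that hunk differs only in the spacing around `:` and in the order of the `reference_data` entries. The CVE-2005-1849.json hunk does the same and ends up with `"ASSIGNER": "security@debian.org"`. Tooling that attributes or filters records by assigner will presumably treat these entries differently after the sync, so the attribution change deserves its own commit, or at least a subject line that names it, rather than riding inside a full-file reformat where it is one changed value in 92 rewritten lines.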
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050414 All4WWW-Homepagecreator Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111350434925520&w=2" - }, - { - "name" : "13169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13169" - }, - { - "name" : "14972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site 
parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14972" + }, + { + "name": "20050414 All4WWW-Homepagecreator Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111350434925520&w=2" + }, + { + "name": "13169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13169" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1203.json b/2005/1xxx/CVE-2005-1203.json index a26e10bac6a..c6182d40cb9 100644 --- a/2005/1xxx/CVE-2005-1203.json +++ b/2005/1xxx/CVE-2005-1203.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050420 Multiple eGroupware Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111401760125555&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00069-04202005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00069-04202005" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=320768", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=320768" - }, - { - "name" : "GLSA-200504-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200504-24.xml" - }, - { - "name" : "13212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13212" 
- }, - { - "name" : "15753", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15753" - }, - { - "name" : "14982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=320768", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" + }, + { + "name": "13212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13212" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00069-04202005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00069-04202005" + }, + { + "name": "15753", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15753" + }, + { + "name": "GLSA-200504-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" + }, + { + "name": "20050420 Multiple eGroupware Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111401760125555&w=2" + }, + { + "name": "14982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14982" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1303.json b/2005/1xxx/CVE-2005-1303.json index 226e374a701..7eb83ce14bd 100644 --- a/2005/1xxx/CVE-2005-1303.json +++ b/2005/1xxx/CVE-2005-1303.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050424 remote command execution in citat.pl script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111445477910178&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050424 remote command execution in citat.pl script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111445477910178&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1502.json b/2005/1xxx/CVE-2005-1502.json index 47d4d661477..0604b2dfc2a 100644 --- a/2005/1xxx/CVE-2005-1502.json +++ b/2005/1xxx/CVE-2005-1502.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111533057918993&w=2" - }, - { - "name" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt", - "refsource" : "MISC", - "url" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt" - }, - { - "name" : "13516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13516" - }, - { - "name" : "13517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13517" - }, - { - "name" : "13518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13518" - }, - { - "name" : 
"16173", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16173" - }, - { - "name" : "16174", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16174" - }, - { - "name" : "15269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15269" - }, - { - "name" : "midicart-xss(20427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13516" + }, + { + "name": "midicart-xss(20427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20427" + }, + { + "name": "13517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13517" + }, + { + "name": "16173", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16173" + }, + { + "name": "http://www.hackgen.org/advisories/hackgen-2005-004.txt", + "refsource": "MISC", + "url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt" + }, + { + "name": "16174", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16174" + }, + { + "name": "13518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13518" + }, + { + "name": "15269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15269" + }, + { + "name": "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart", + 
"refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1849.json b/2005/1xxx/CVE-2005-1849.json index 0d041f5fa81..06be3c41454 100644 --- a/2005/1xxx/CVE-2005-1849.json +++ b/2005/1xxx/CVE-2005-1849.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-1849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - 
"refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "DSA-763", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-763" - }, - { - "name" : "DSA-797", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-797" - }, - { - "name" : "DSA-1026", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1026" - }, - { - "name" : "FLSA:162680", - "refsource" : "FEDORA", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680" - }, - { - "name" : "GLSA-200509-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml" - }, - { - "name" : "GLSA-200603-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml" - }, - { - "name" : "MDKSA-2005:196", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196" - }, - { - "name" : "MDKSA-2006:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070" - }, - { - "name" : "RHSA-2005:584", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-584.html" - }, - { - "name" : "RHSA-2008:0629", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0629.html" - }, - { - "name" : "SCOSA-2006.6", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" - }, - { - "name" : "SUSE-SA:2005:043", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_43_zlib.html" - }, - { - "name" : "USN-151-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntulinux.org/usn/usn-151-3" - }, - { - "name" : "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz", - "refsource" : "MISC", - "url" : 
"http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz" - }, - { - "name" : "14340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14340" - }, - { - "name" : "oval:org.mitre.oval:def:11402", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402" - }, - { - "name" : "ADV-2007-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1267" - }, - { - "name" : "18141", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18141" - }, - { - "name" : "1014540", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014540" - }, - { - "name" : "16137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16137" - }, - { - "name" : "18377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18377" - }, - { - "name" : "17326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17326" - }, - { - "name" : "17516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17516" - }, - { - "name" : "19550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19550" - }, - { - "name" : "19334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19334" - }, - { - "name" : "19597", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19597" - }, - { - "name" : "24788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24788" - }, - { - "name" : "31492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31492" - }, - { - "name" : "zlib-codetable-dos(21456)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "inftrees.h in zlib 1.2.2 allows remote attackers to 
cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zlib-codetable-dos(21456)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21456" + }, + { + "name": "DSA-1026", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1026" + }, + { + "name": "19334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19334" + }, + { + "name": "DSA-797", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-797" + }, + { + "name": "DSA-763", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-763" + }, + { + "name": "GLSA-200509-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml" + }, + { + "name": "MDKSA-2005:196", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196" + }, + { + "name": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz", + "refsource": "MISC", + "url": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz" + }, + { + "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" + }, + { + "name": "USN-151-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntulinux.org/usn/usn-151-3" + }, + { + "name": "GLSA-200603-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml" + }, + { + "name": "RHSA-2005:584", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-584.html" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html", + 
"refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html" + }, + { + "name": "16137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16137" + }, + { + "name": "31492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31492" + }, + { + "name": "oval:org.mitre.oval:def:11402", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402" + }, + { + "name": "18141", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18141" + }, + { + "name": "1014540", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014540" + }, + { + "name": "SUSE-SA:2005:043", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_43_zlib.html" + }, + { + "name": "MDKSA-2006:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070" + }, + { + "name": "RHSA-2008:0629", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html" + }, + { + "name": "ADV-2007-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1267" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html" + }, + { + "name": "24788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24788" + }, + { + "name": "17326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17326" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "17516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17516" + }, + { + "name": "14340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14340" + }, + { + "name": "19597", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/19597" + }, + { + "name": "SCOSA-2006.6", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" + }, + { + "name": "19550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19550" + }, + { + "name": "18377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18377" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "FLSA:162680", + "refsource": "FEDORA", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1907.json b/2005/1xxx/CVE-2005-1907.json index ba9d33c4a60..27b3433eb07 100644 --- a/2005/1xxx/CVE-2005-1907.json +++ b/2005/1xxx/CVE-2005-1907.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.networksecurity.fi/advisories/windows-isa-firewall.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/windows-isa-firewall.html" - }, - { - "name" : "894864", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];894864" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en" - }, - { - "name" : "13846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13846" - }, - { - "name" : "17031", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17031" - }, - { - "name" : 
"1014113", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.networksecurity.fi/advisories/windows-isa-firewall.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/windows-isa-firewall.html" + }, + { + "name": "17031", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17031" + }, + { + "name": "1014113", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014113" + }, + { + "name": "894864", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];894864" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en" + }, + { + "name": "13846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13846" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3906.json b/2005/3xxx/CVE-2005-3906.json index 3b83850678a..60f1aaa195e 100644 --- a/2005/3xxx/CVE-2005-3906.json +++ b/2005/3xxx/CVE-2005-3906.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the \"second and third issues\" identified in SUNALERT:102003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-11-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html" - }, - { - "name" : "GLSA-200601-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml" - }, - { - "name" : "102003", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628", - "refsource" 
: "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628" - }, - { - "name" : "VU#974188", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/974188" - }, - { - "name" : "15615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15615" - }, - { - "name" : "ADV-2005-2636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2636" - }, - { - "name" : "ADV-2005-2946", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2946" - }, - { - "name" : "ADV-2005-2675", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2675" - }, - { - "name" : "1015280", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015280" - }, - { - "name" : "17748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17748" - }, - { - "name" : "18092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18092" - }, - { - "name" : "17847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17847" - }, - { - "name" : "18503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18503" - }, - { - "name" : "18435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18435" - }, - { - "name" : "sun-reflection-api-elevate-privileges(23251)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. 
NOTE: this is associated with the \"second and third issues\" identified in SUNALERT:102003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17847" + }, + { + "name": "18503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18503" + }, + { + "name": "18435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18435" + }, + { + "name": "15615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15615" + }, + { + "name": "102003", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1" + }, + { + "name": "ADV-2005-2946", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2946" + }, + { + "name": "ADV-2005-2675", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2675" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628" + }, + { + "name": "ADV-2005-2636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2636" + }, + { + "name": "GLSA-200601-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml" + }, + { + "name": "VU#974188", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/974188" + }, + { + "name": "1015280", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015280" + }, + { + "name": "APPLE-SA-2005-11-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html" + }, + { + "name": "sun-reflection-api-elevate-privileges(23251)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251" + 
}, + { + "name": "17748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17748" + }, + { + "name": "18092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18092" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4087.json b/2005/4xxx/CVE-2005-4087.json index 1cf004bd3f5..cf1b280ba48 100644 --- a/2005/4xxx/CVE-2005-4087.json +++ b/2005/4xxx/CVE-2005-4087.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051207 SugarSuite Open Source <= 4.0beta Remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418840" - }, - { - "name" : "15760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15760" - }, - { - "name" : "239", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/239" - }, - { - "name" : "sugarsuite-acceptdecline-file-include(23541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051207 SugarSuite Open Source <= 4.0beta Remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418840" + }, + { + "name": "239", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/239" + }, + { + "name": "15760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15760" + }, + { + "name": "sugarsuite-acceptdecline-file-include(23541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23541" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4528.json b/2005/4xxx/CVE-2005-4528.json index dc7b19cf29d..76bde566868 100644 --- a/2005/4xxx/CVE-2005-4528.json +++ b/2005/4xxx/CVE-2005-4528.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=379608", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=379608" - }, - { - "name" : "ADV-2005-3048", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3048" - }, - { - "name" : "22015", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22015" - }, - { - "name" : "18184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL 
commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18184" + }, + { + "name": "22015", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22015" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=379608", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=379608" + }, + { + "name": "ADV-2005-3048", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3048" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4798.json b/2005/4xxx/CVE-2005-4798.json index e7de436cfe3..d6e7dfc45ef 100644 --- a/2005/4xxx/CVE-2005-4798.json +++ b/2005/4xxx/CVE-2005-4798.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20050912 [PATCH] nfs client, kernel 2.4.31: readlink result overflow", - "refsource" : "MLIST", - "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b", - "refsource" : "CONFIRM", - 
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b" - }, - { - "name" : "DSA-1183", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1183" - }, - { - "name" : "DSA-1184", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1184" - }, - { - "name" : "SUSE-SA:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" - }, - { - "name" : "20186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20186" - }, - { - "name" : "oval:org.mitre.oval:def:11536", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11536" - }, - { - "name" : "20398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20398" - }, - { - "name" : "22082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22082" - }, - { - "name" : "22093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1183", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1183" + }, + { + "name": "oval:org.mitre.oval:def:11536", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11536" + }, + { + "name": "22082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22082" + }, + { + "name": "SUSE-SA:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html" + }, + { + "name": "20186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20186" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b" + }, + { + "name": "[linux-kernel] 20050912 [PATCH] nfs client, kernel 2.4.31: readlink result overflow", + "refsource": "MLIST", + "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html" + }, + { + "name": "20398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20398" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b" + }, + { + "name": "22093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22093" + }, + { + "name": "DSA-1184", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1184" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0205.json b/2009/0xxx/CVE-2009-0205.json index 9cee657ec05..58e9036a1de 100644 --- a/2009/0xxx/CVE-2009-0205.json +++ b/2009/0xxx/CVE-2009-0205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0205", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0205", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0662.json b/2009/0xxx/CVE-2009-0662.json index fed7f69ef1e..ad94a9b5d32 100644 --- a/2009/0xxx/CVE-2009-0662.json +++ b/2009/0xxx/CVE-2009-0662.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plone.org/products/plone/security/advisories/cve-2009-0662", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone/security/advisories/cve-2009-0662" - }, - { - "name" : "34664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34664" - }, - { - "name" : "53975", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53975" - }, - { - "name" : "34840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34840" - }, - { - "name" : "plone-unspecified-session-hijacking(50061)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34664" + }, + { + "name": "plone-unspecified-session-hijacking(50061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061" + }, + { + "name": "34840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34840" + }, + { + "name": "http://plone.org/products/plone/security/advisories/cve-2009-0662", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone/security/advisories/cve-2009-0662" + }, + { + "name": "53975", + "refsource": "OSVDB", + "url": "http://osvdb.org/53975" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0800.json b/2009/0xxx/CVE-2009-0800.json index 65541481ce3..95c10fab704 100644 --- a/2009/0xxx/CVE-2009-0800.json +++ b/2009/0xxx/CVE-2009-0800.json 
@@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=495887", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=495887" - }, - { - "name" : "http://poppler.freedesktop.org/releases.html", - "refsource" : "CONFIRM", - "url" : "http://poppler.freedesktop.org/releases.html" - }, - { - "name" : "DSA-1790", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1790" - }, - { - "name" : "DSA-1793", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1793" - }, - { - "name" : "FEDORA-2009-6973", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html" - }, - { - 
"name" : "FEDORA-2009-6982", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html" - }, - { - "name" : "FEDORA-2009-6972", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html" - }, - { - "name" : "MDVSA-2009:101", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101" - }, - { - "name" : "MDVSA-2010:087", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" - }, - { - "name" : "MDVSA-2011:175", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" - }, - { - "name" : "RHSA-2009:0430", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0430.html" - }, - { - "name" : "RHSA-2009:0429", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html" - }, - { - "name" : "RHSA-2009:0431", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0431.html" - }, - { - "name" : "RHSA-2009:0458", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0458.html" - }, - { - "name" : "RHSA-2009:0480", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0480.html" - }, - { - "name" : "SSA:2009-129-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477" - }, - { - "name" : "SUSE-SA:2009:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "VU#196617", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/196617" - }, - { - "name" : "34568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34568" - }, - { - "name" : "oval:org.mitre.oval:def:11323", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323" - }, - { - "name" : "1022073", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022073" - }, - { - "name" : "34755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34755" - }, - { - "name" : "34291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34291" - }, - { - "name" : "34481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34481" - }, - { - "name" : "34746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34746" - }, - { - "name" : "34852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34852" - }, - { - "name" : "34756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34756" - }, - { - "name" : "34959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34959" - }, - { - "name" : "34963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34963" - }, - { - "name" : "35037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35037" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "34991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34991" - }, - { - "name" : "35064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35064" - }, - { - "name" : "35618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35618" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "ADV-2009-1065", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1065" - }, - { - "name" : "ADV-2009-1066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1066" - }, - { - "name" : "ADV-2009-1076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1076" - }, - { - "name" : "ADV-2009-1077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1077" - }, - { - "name" : "ADV-2010-1040", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1793", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1793" + }, + { + "name": "34963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34963" + }, + { + "name": "DSA-1790", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1790" + }, + { + "name": "35037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35037" + }, + { + "name": "ADV-2009-1077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1077" + }, + { + "name": "35064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35064" + }, + { + "name": "ADV-2009-1066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1066" + }, + { + "name": "34481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34481" + }, + { + "name": "SSA:2009-129-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477" + }, + { + "name": "RHSA-2009:0431", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html" + }, + { + "name": "ADV-2009-1065", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1065" + }, + { + "name": "RHSA-2009:0430", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html" + }, + { + "name": "FEDORA-2009-6972", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html" + }, + { + "name": "35618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35618" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=495887", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=495887" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "RHSA-2009:0480", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html" + }, + { + "name": "http://poppler.freedesktop.org/releases.html", + "refsource": "CONFIRM", + "url": "http://poppler.freedesktop.org/releases.html" + }, + { + "name": "34568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34568" + }, + { + "name": "MDVSA-2011:175", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" + }, + { + "name": "VU#196617", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/196617" + }, + { + "name": "ADV-2010-1040", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1040" + }, + { + "name": "SUSE-SA:2009:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" + }, + { + "name": "RHSA-2009:0458", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html" + }, + { + "name": "FEDORA-2009-6982", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html" + }, + { + "name": "34991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34991" + }, + { + "name": "MDVSA-2009:101", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101" + }, + { + "name": "MDVSA-2010:087", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "ADV-2009-1076", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1076" + }, + { + "name": "34756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34756" + }, + { + "name": "34291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34291" + }, + { + "name": "34755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34755" + }, + { + "name": "34852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34852" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "FEDORA-2009-6973", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html" + }, + { + "name": "34959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34959" + }, + { + "name": "oval:org.mitre.oval:def:11323", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323" + }, + { + "name": "34746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34746" + }, + { + "name": "RHSA-2009:0429", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html" + }, + { + "name": "1022073", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022073" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1068.json b/2009/1xxx/CVE-2009-1068.json index 19bc793c930..713c01557c7 100644 --- a/2009/1xxx/CVE-2009-1068.json +++ b/2009/1xxx/CVE-2009-1068.json 
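Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it appears to be the only content change in a hunk that otherwise re-indents the file and reorders `reference_data`; the CVE-2009-1169.json hunk further down does the same. With a commit subject of only "-Synchronized-Data.", anyone auditing record provenance from the text diff can easily miss this attribution change. Emitting `reference_data` in a stable order and keeping the trailing newline (the new side ends with `\ No newline at end of file`) would reduce each of these hunks to the single line `"ASSIGNER": "secalert@redhat.com"`. Until then, consumers that track changes to these records are better served by comparing the parsed JSON than the text.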
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090320 Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502016/100/0/threaded" - }, - { - "name" : "8249", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8249" - }, - { - "name" : "8251", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8251" - }, - { - "name" : "http://retrogod.altervista.org/9sg_bsplayer_seh.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_bsplayer_seh.html" - }, - { - "name" : "34190", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/34190" - }, - { - "name" : "52841", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52841" - }, - { - "name" : "34412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34412" - }, - { - "name" : "ADV-2009-0800", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0800" - }, - { - "name" : "bsplayer-bsl-bo(49342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/9sg_bsplayer_seh.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_bsplayer_seh.html" + }, + { + "name": "bsplayer-bsl-bo(49342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49342" + }, + { + "name": "34412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34412" + }, + { + "name": "8251", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8251" + }, + { + "name": "ADV-2009-0800", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0800" + }, + { + "name": "20090320 Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502016/100/0/threaded" + }, + { + "name": "8249", + "refsource": "EXPLOIT-DB", + "url": 
"https://www.exploit-db.com/exploits/8249" + }, + { + "name": "52841", + "refsource": "OSVDB", + "url": "http://osvdb.org/52841" + }, + { + "name": "34190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34190" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1169.json b/2009/1xxx/CVE-2009-1169.json index 4265a23bf7d..4cb62d2c358 100644 --- a/2009/1xxx/CVE-2009-1169.json +++ b/2009/1xxx/CVE-2009-1169.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.zdnet.com/security/?p=3013", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=3013" - }, - { - "name" : "8285", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8285" - }, - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460090", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460090" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485217", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485217" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485286", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485286" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm" - }, - { - "name" : "DSA-1756", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1756" - }, - { - "name" : "FEDORA-2009-3101", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" - }, - { - "name" : "FEDORA-2009-3099", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html" - }, - { - "name" : "FEDORA-2009-3100", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html" - }, - { - "name" : "MDVSA-2009:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084" - }, - { - "name" : "RHSA-2009:0397", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0397.html" - }, - { - "name" : "RHSA-2009:0398", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0398.html" - }, - { - "name" : "SUSE-SA:2009:022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html" - }, - { - "name" : "SUSE-SA:2009:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" - }, - { - "name" : "USN-745-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-745-1" - }, - { - "name" : "34235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34235" - }, - { - "name" : 
"oval:org.mitre.oval:def:11372", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372" - }, - { - "name" : "1021939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021939" - }, - { - "name" : "34471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34471" - }, - { - "name" : "34527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34527" - }, - { - "name" : "34549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34549" - }, - { - "name" : "34550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34550" - }, - { - "name" : "34505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34505" - }, - { - "name" : "34486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34486" - }, - { - "name" : "34510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34510" - }, - { - "name" : "34511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34511" - }, - { - "name" : "34521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34521" - }, - { - "name" : "34792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34792" - }, - { - "name" : "ADV-2009-0853", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0853" - }, - { - "name" : "mozilla-xslt-code-execution(49439)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a 
crafted XSLT transform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html" + }, + { + "name": "mozilla-xslt-code-execution(49439)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49439" + }, + { + "name": "34510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34510" + }, + { + "name": "8285", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8285" + }, + { + "name": "FEDORA-2009-3101", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html" + }, + { + "name": "34511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34511" + }, + { + "name": "MDVSA-2009:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084" + }, + { + "name": "RHSA-2009:0397", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html" + }, + { + "name": "SUSE-SA:2009:022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html" + }, + { + "name": "1021939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021939" + }, + { + "name": "34505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34505" + }, + { + "name": "34521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34521" + }, + { + "name": "RHSA-2009:0398", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2009-0398.html" + }, + { + "name": "34486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34486" + }, + { + "name": "34471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34471" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=485286", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485286" + }, + { + "name": "USN-745-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-745-1" + }, + { + "name": "34527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34527" + }, + { + "name": "34235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34235" + }, + { + "name": "DSA-1756", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1756" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=460090", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=460090" + }, + { + "name": "ADV-2009-0853", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0853" + }, + { + "name": "34792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34792" + }, + { + "name": "http://blogs.zdnet.com/security/?p=3013", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=3013" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=485217", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485217" + }, + { + "name": "FEDORA-2009-3100", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html" + }, + { + "name": "34549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34549" + }, + { + "name": "34550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34550" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm", + "refsource": "CONFIRM", + 
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm" + }, + { + "name": "oval:org.mitre.oval:def:11372", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372" + }, + { + "name": "FEDORA-2009-3099", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1476.json b/2009/1xxx/CVE-2009-1476.json index 6f3d54e5355..3ce5b25befb 100644 --- a/2009/1xxx/CVE-2009-1476.json +++ b/2009/1xxx/CVE-2009-1476.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090522 IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/62" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h" - }, - { - "name" : "35076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35076" - }, - { - "name" : "1022272", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1022272" - }, - { - "name" : "ipfilter-loadhttp-bo(50716)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35076" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c" + }, + { + "name": "1022272", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022272" + }, + { + "name": "ipfilter-loadhttp-bo(50716)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50716" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h" + }, + { + "name": "20090522 IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/62" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1852.json b/2009/1xxx/CVE-2009-1852.json index e34d8dc0a1f..c50466a6449 100644 --- a/2009/1xxx/CVE-2009-1852.json +++ b/2009/1xxx/CVE-2009-1852.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8803", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8803" - }, - { - "name" : "35096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35096" - }, - { - "name" : "myforum-username-sql-injection(50749)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8803", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8803" + }, + { + "name": "myforum-username-sql-injection(50749)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50749" + }, + { + "name": "35096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35096" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1936.json b/2009/1xxx/CVE-2009-1936.json index bebc5fcfd88..9bbc2d0aa47 100644 --- a/2009/1xxx/CVE-2009-1936.json +++ b/2009/1xxx/CVE-2009-1936.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8790", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8790" - }, - { - "name" : "35103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35103" - }, - { - "name" : "35245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect 
but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8790", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8790" + }, + { + "name": "35103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35103" + }, + { + "name": "35245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35245" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1985.json b/2009/1xxx/CVE-2009-1985.json index db456a7e06d..4294fd415a2 100644 --- a/2009/1xxx/CVE-2009-1985.json +++ b/2009/1xxx/CVE-2009-1985.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36745" - }, - { - "name" : "59111", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59111" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36745" + }, + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "59111", + "refsource": "OSVDB", + "url": "http://osvdb.org/59111" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4298.json b/2009/4xxx/CVE-2009-4298.json index f50d63df2d8..23a4be49685 100644 --- a/2009/4xxx/CVE-2009-4298.json +++ b/2009/4xxx/CVE-2009-4298.json 
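Review bot: The `ASSIGNER` value in the CVE-2009-1985 hunk changes from `cve@mitre.org` to `secalert_us@oracle.com`, a content change inside a diff that otherwise only drops the space before each colon, re-indents, and reorders `reference_data`. The commit subject "-Synchronized-Data." does not mention it, and the same kind of change (to `secalert@redhat.com`) is visible in the CVE-2009-4894, CVE-2012-2137 and CVE-2012-2392 hunks. Consumers that filter or attribute records by assigner would want this reassignment stated in the commit description, or split from the formatting pass, so it can be audited separately. In this hunk the six reordered reference entries carry the same name/refsource/url values as before, so no reference appears to be lost.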
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes" - }, - { - "name" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=139102", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=139102" - }, - { - "name" : "FEDORA-2009-13040", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html" - }, - { - "name" : "FEDORA-2009-13065", - 
"refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html" - }, - { - "name" : "FEDORA-2009-13080", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html" - }, - { - "name" : "37244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37244" - }, - { - "name" : "37614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37614" - }, - { - "name" : "ADV-2009-3455", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes" + }, + { + "name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes" + }, + { + "name": "ADV-2009-3455", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3455" + }, + { + "name": "37614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37614" + }, + { + "name": "FEDORA-2009-13065", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html" + }, + { + "name": "FEDORA-2009-13040", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=139102", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=139102" + }, + { + "name": "FEDORA-2009-13080", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html" + }, + { + "name": "37244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37244" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4437.json b/2009/4xxx/CVE-2009-4437.json index 5c31c042a2b..973f15a64e7 100644 --- a/2009/4xxx/CVE-2009-4437.json +++ b/2009/4xxx/CVE-2009-4437.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt" - }, - { - "name" : "10520", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10520" - }, - { - "name" : "37401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37401" - }, - { - "name" : "14839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14839" - }, - { - "name" : "activeauctionhouse-links-sql-injection(54891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54891" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt" + }, + { + "name": "activeauctionhouse-links-sql-injection(54891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54891" + }, + { + "name": "37401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37401" + }, + { + "name": "10520", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10520" + }, + { + "name": "14839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14839" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4844.json b/2009/4xxx/CVE-2009-4844.json index 3def5d03cd0..c7555f97b1f 100644 --- a/2009/4xxx/CVE-2009-4844.json +++ b/2009/4xxx/CVE-2009-4844.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" - }, - { - "name" : "virtualiq-statusuri-information-disclosure(58576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ToutVirtual VirtualIQ Pro 3.2 build 7882 
does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "virtualiq-statusuri-information-disclosure(58576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58576" + }, + { + "name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded" + }, + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4894.json b/2009/4xxx/CVE-2009-4894.json index 4d8bfaf21c0..805eb6b2066 100644 --- a/2009/4xxx/CVE-2009-4894.json +++ b/2009/4xxx/CVE-2009-4894.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://punbb.informer.com/forums/topic/21669/punbb-134/", - "refsource" : "CONFIRM", - "url" : "http://punbb.informer.com/forums/topic/21669/punbb-134/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://punbb.informer.com/forums/topic/21669/punbb-134/", + "refsource": "CONFIRM", + "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2137.json b/2012/2xxx/CVE-2012-2137.json index e5e8cb8b5ee..33b61eefe88 100644 --- a/2012/2xxx/CVE-2012-2137.json +++ b/2012/2xxx/CVE-2012-2137.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html", - "refsource" : "MISC", - "url" : "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=816151", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=816151" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" - }, - { - "name" : "RHSA-2012:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0743.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "USN-1529-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1529-1" - }, - { - "name" : "USN-1607-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1607-1" - }, - { - "name" : "USN-1594-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1594-1" - }, - { - "name" : "USN-1606-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1606-1" - }, - { - "name" : "USN-1609-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1609-1" - }, - { - "name" : "54063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54063" - }, - { - "name" : "50952", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50952" - }, - { - "name" : "50961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local 
users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=816151", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=816151" + }, + { + "name": "RHSA-2012:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html" + }, + { + "name": "USN-1606-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1606-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24" + }, + { + "name": "USN-1594-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1594-1" + }, + { + "name": "50961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50961" + }, + { + "name": "USN-1607-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1607-1" + }, + { + "name": "USN-1609-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1609-1" + }, + { + "name": "USN-1529-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1529-1" + }, + { + "name": "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html", + "refsource": "MISC", + "url": "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed" + }, + { + "name": "50952", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50952" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + }, + { + "name": "54063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54063" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2256.json b/2012/2xxx/CVE-2012-2256.json index 6fcf2e0eb3f..9ad98e90a25 100644 --- a/2012/2xxx/CVE-2012-2256.json +++ b/2012/2xxx/CVE-2012-2256.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2256", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2256", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2392.json b/2012/2xxx/CVE-2012-2392.json index 8359d919035..5ef02ada1e1 100644 --- a/2012/2xxx/CVE-2012-2392.json +++ b/2012/2xxx/CVE-2012-2392.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-08.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119" - }, - { - 
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124" - }, - { - "name" : "MDVSA-2012:015", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015" - }, - { - "name" : "MDVSA-2012:042", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042" - }, - { - "name" : "MDVSA-2012:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080" - }, - { - "name" : "oval:org.mitre.oval:def:15604", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15604" - }, - { - "name" : "1027094", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027094" - }, - { - "name" : "49226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2012:015", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015" + }, + { + "name": "1027094", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027094" + }, + { + "name": "MDVSA-2012:042", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042" + }, + { + "name": "oval:org.mitre.oval:def:15604", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15604" + }, + { + "name": "49226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49226" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805" + }, + { + "name": "MDVSA-2012:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-08.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-08.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118", + "refsource": "CONFIRM", + "url": 
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2985.json b/2012/2xxx/CVE-2012-2985.json index 804bec1c0c1..c0cac0d353b 100644 --- a/2012/2xxx/CVE-2012-2985.json +++ b/2012/2xxx/CVE-2012-2985.json 
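Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` is the only value that differs in this CVE-2012-2392 hunk, yet it sits inside a 117-line rewrite that otherwise changes only the spacing around colons and the order of the `reference_data` entries (the same twelve references appear on both sides). A consumer that diffs or hashes these records to detect changes would see the whole file as modified, so it would help to emit `reference_data` in a stable order (for example sorted by `url`) and to land the formatting pass separately from the assigner reassignment so that change can be audited on its own. The new side also ends with `\ No newline at end of file`, which drops the trailing newline the old file had. The same `ASSIGNER` change inside a full-file rewrite appears in the hunks for CVE-2012-2985, CVE-2012-3205, CVE-2012-3300, CVE-2012-6701, CVE-2015-1489 and CVE-2015-5245.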
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#247235", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/247235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#247235", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/247235" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3205.json b/2012/3xxx/CVE-2012-3205.json index 071d6ee2a2f..89ccaa7b4d6 100644 --- a/2012/3xxx/CVE-2012-3205.json +++ b/2012/3xxx/CVE-2012-3205.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "56034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56034" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3300.json b/2012/3xxx/CVE-2012-3300.json index 54a271bf94e..64dd0e08b91 100644 --- a/2012/3xxx/CVE-2012-3300.json +++ b/2012/3xxx/CVE-2012-3300.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21610909", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21610909" - }, - { - "name" : "JR42771", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR42771" - }, - { - "name" : "websphere-commerce-personalizationid-dos(77382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are 
enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21610909", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21610909" + }, + { + "name": "JR42771", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR42771" + }, + { + "name": "websphere-commerce-personalizationid-dos(77382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77382" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6410.json b/2012/6xxx/CVE-2012-6410.json index 7c27893be1e..93192e6551a 100644 --- a/2012/6xxx/CVE-2012-6410.json +++ b/2012/6xxx/CVE-2012-6410.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6410", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6410", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2012/6xxx/CVE-2012-6620.json b/2012/6xxx/CVE-2012-6620.json
index 56e9cf7d87c..b893f546ac8 100644
--- a/2012/6xxx/CVE-2012-6620.json
+++ b/2012/6xxx/CVE-2012-6620.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20120514 Kronolith H4 (3.0.17) (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2012/000766.html" - }, - { - "name" : "http://bugs.horde.org/ticket/11189", - "refsource" : "MISC", - "url" : "http://bugs.horde.org/ticket/11189" - }, - { - "name" : "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2" - }, - { - "name" : "53731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53731" - }, - { - "name" : "49147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49147" - }, - { - 
"name" : "kronolith-kronolith-xss(75563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49147" + }, + { + "name": "http://bugs.horde.org/ticket/11189", + "refsource": "MISC", + "url": "http://bugs.horde.org/ticket/11189" + }, + { + "name": "53731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53731" + }, + { + "name": "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2", + "refsource": "CONFIRM", + "url": "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2" + }, + { + "name": "[announce] 20120514 Kronolith H4 (3.0.17) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2012/000766.html" + }, + { + "name": "kronolith-kronolith-xss(75563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75563" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6701.json b/2012/6xxx/CVE-2012-6701.json index 60f85146a95..2a26749875c 100644 --- a/2012/6xxx/CVE-2012-6701.json +++ b/2012/6xxx/CVE-2012-6701.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2012-6701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/02/9" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1314288", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1314288" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893" - }, - { - "name" : "RHSA-2018:1854", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1854" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288" + }, + { + "name": "RHSA-2018:1854", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1854" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1" + }, + 
{ + "name": "[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/02/9" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1489.json b/2015/1xxx/CVE-2015-1489.json index 27b05cdb879..6272a62b2a6 100644 --- a/2015/1xxx/CVE-2015-1489.json +++ b/2015/1xxx/CVE-2015-1489.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2015-1489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37812", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37812/" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00" - }, - { - "name" : "76078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76078" - }, - { - "name" : "1033165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37812", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37812/" + }, + { + "name": "76078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76078" + }, + { + "name": "1033165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033165" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5245.json b/2015/5xxx/CVE-2015-5245.json index dbf37479f6f..336c93352bc 100644 --- a/2015/5xxx/CVE-2015-5245.json +++ b/2015/5xxx/CVE-2015-5245.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Ceph-announce] 20151019 v0.94.4 Hammer released", - "refsource" : "MLIST", - "url" : "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html" - }, - { - "name" : "http://tracker.ceph.com/issues/12537", - "refsource" : "CONFIRM", - "url" : "http://tracker.ceph.com/issues/12537" - }, - { - "name" : "RHSA-2015:2512", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:2512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 
0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tracker.ceph.com/issues/12537", + "refsource": "CONFIRM", + "url": "http://tracker.ceph.com/issues/12537" + }, + { + "name": "RHSA-2015:2512", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:2512" + }, + { + "name": "[Ceph-announce] 20151019 v0.94.4 Hammer released", + "refsource": "MLIST", + "url": "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5252.json b/2015/5xxx/CVE-2015-5252.json index de26c2069e2..30afa577c44 100644 --- a/2015/5xxx/CVE-2015-5252.json +++ b/2015/5xxx/CVE-2015-5252.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1290288", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1290288" - }, - { - "name" : "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e", - "refsource" : "CONFIRM", - "url" : "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2015-5252.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2015-5252.html" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3433" - }, - { - "name" : "FEDORA-2015-0e0879cc8a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html" - }, - { - "name" : "FEDORA-2015-b36076d32e", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html" - }, - { - "name" : "GLSA-201612-47", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-47" - }, - { - "name" : "SUSE-SU-2016:1105", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "SUSE-SU-2015:2304", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" - }, - { - "name" : "SUSE-SU-2015:2305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:0032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" - }, - { - "name" : "openSUSE-SU-2015:2354", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" - }, - { - "name" : "openSUSE-SU-2015:2356", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" - }, - { - "name" : "SUSE-SU-2016:0164", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" - }, - { - "name" : "USN-2855-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-2" - }, - { - "name" : "USN-2855-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2855-1" - }, - { - "name" : "79733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79733" - }, - { - "name" : "1034493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "79733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79733" + }, + { + "name": "FEDORA-2015-0e0879cc8a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "USN-2855-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2855-2" + }, + { + "name": "SUSE-SU-2016:0032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" + }, + { + "name": "SUSE-SU-2015:2304", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "SUSE-SU-2015:2305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290288", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290288" + }, + { + "name": "SUSE-SU-2016:0164", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" + }, + { + "name": "openSUSE-SU-2015:2354", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" + }, + { + "name": "SUSE-SU-2016:1105", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html" + }, + { + 
"name": "FEDORA-2015-b36076d32e", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993" + }, + { + "name": "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e", + "refsource": "CONFIRM", + "url": "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e" + }, + { + "name": "1034493", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034493" + }, + { + "name": "DSA-3433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3433" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "GLSA-201612-47", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-47" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2015-5252.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2015-5252.html" + }, + { + "name": "USN-2855-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2855-1" + }, + { + "name": "openSUSE-SU-2015:2356", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/5xxx/CVE-2015-5810.json b/2015/5xxx/CVE-2015-5810.json index f35a66cd293..e3b1ecf7dab 100644 --- a/2015/5xxx/CVE-2015-5810.json +++ b/2015/5xxx/CVE-2015-5810.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : 
"APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:0761", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" - }, - { - "name" : "76763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76763" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76763" + }, + { + "name": "openSUSE-SU-2016:0761", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5916.json b/2015/5xxx/CVE-2015-5916.json index d97557b8b26..a80b1c018ae 100644 --- a/2015/5xxx/CVE-2015-5916.json +++ b/2015/5xxx/CVE-2015-5916.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "https://support.apple.com/HT205378", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205378" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "APPLE-SA-2015-10-21-2", - 
"refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-10-21-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205378", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205378" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/5xxx/CVE-2015-5948.json b/2015/5xxx/CVE-2015-5948.json index 9b316af5704..5ea5f33a242 100644 --- a/2015/5xxx/CVE-2015-5948.json +++ b/2015/5xxx/CVE-2015-5948.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150806 Re: CVE Request: SuiteCRM Post-Auth Race Condition Shell Upload Remote Code Execution.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/06/6" - }, - { - "name" : "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5", - "refsource" : "MISC", - "url" : "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5" - }, - { - "name" : "https://github.com/XiphosResearch/exploits/tree/master/suiteshell", - "refsource" : "CONFIRM", - "url" : "https://github.com/XiphosResearch/exploits/tree/master/suiteshell" - }, - { - "name" : "https://github.com/salesagility/SuiteCRM/issues/333", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/salesagility/SuiteCRM/issues/333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150806 Re: CVE Request: SuiteCRM Post-Auth Race Condition Shell Upload Remote Code Execution.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/06/6" + }, + { + "name": "https://github.com/salesagility/SuiteCRM/issues/333", + "refsource": "CONFIRM", + "url": "https://github.com/salesagility/SuiteCRM/issues/333" + }, + { + "name": "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5", + "refsource": "MISC", + "url": "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5" + }, + { + "name": "https://github.com/XiphosResearch/exploits/tree/master/suiteshell", + "refsource": "CONFIRM", + "url": "https://github.com/XiphosResearch/exploits/tree/master/suiteshell" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11046.json b/2018/11xxx/CVE-2018-11046.json index d4f601553e6..4f279280f2f 100644 --- a/2018/11xxx/CVE-2018-11046.json +++ b/2018/11xxx/CVE-2018-11046.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-06-20T04:00:00.000Z", - "ID" : "CVE-2018-11046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Operations Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.1.x", - "version_value" : "2.1.6" - }, - { - "affected" : "=", - "version_value" : "2.0.14" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unpatched vulnerabilities " - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-06-20T04:00:00.000Z", + "ID": "CVE-2018-11046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Operations Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.1.x", + "version_value": "2.1.6" + }, + { + "affected": "=", + "version_value": "2.0.14" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-11046", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-11046" - }, - { - "name" : "104545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104545" - } - ] - }, - 
"source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unpatched vulnerabilities " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104545" + }, + { + "name": "https://pivotal.io/security/cve-2018-11046", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-11046" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11095.json b/2018/11xxx/CVE-2018-11095.json index a208e980261..3a58bf9a04c 100644 --- a/2018/11xxx/CVE-2018-11095.json +++ b/2018/11xxx/CVE-2018-11095.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing" - }, - { - "name" : "https://github.com/libming/libming/issues/141", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decompileJUMP function in decompile.c in libming through 0.4.8 
mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing" + }, + { + "name": "https://github.com/libming/libming/issues/141", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/141" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11531.json b/2018/11xxx/CVE-2018-11531.json index 77003816a72..7454ad87b70 100644 --- a/2018/11xxx/CVE-2018-11531.json +++ b/2018/11xxx/CVE-2018-11531.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" - }, - { - "name" : "https://github.com/Exiv2/exiv2/issues/283", - "refsource" : "CONFIRM", - "url" : "https://github.com/Exiv2/exiv2/issues/283" - }, - { - "name" : "DSA-4238", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4238" - }, - { - "name" : "GLSA-201811-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-14" - }, - { - "name" : "USN-3700-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3700-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exiv2 0.26 has 
a heap-based buffer overflow in getData in preview.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/283", + "refsource": "CONFIRM", + "url": "https://github.com/Exiv2/exiv2/issues/283" + }, + { + "name": "USN-3700-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3700-1/" + }, + { + "name": "DSA-4238", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4238" + }, + { + "name": "GLSA-201811-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-14" + }, + { + "name": "[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11793.json b/2018/11xxx/CVE-2018-11793.json index 53c0e74542b..7e4a2d6ed8b 100644 --- a/2018/11xxx/CVE-2018-11793.json +++ b/2018/11xxx/CVE-2018-11793.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2019-03-04T00:00:00", - "ID" : "CVE-2018-11793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Mesos", - "version" : { - "version_data" : [ - { - "version_value" : "Apache Mesos pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, 1.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2019-03-04T00:00:00", + "ID": "CVE-2018-11793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Mesos", + "version": { + "version_data": [ + { + "version_value": "Apache Mesos pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, 1.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E", - "refsource" : "MISC", - "url" : "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E" - }, - { - "name" : "107281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107281" + }, + { + "name": "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E", + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11809.json b/2018/11xxx/CVE-2018-11809.json index 95883b50475..147cc3ba5d5 100644 --- a/2018/11xxx/CVE-2018-11809.json +++ b/2018/11xxx/CVE-2018-11809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11827.json b/2018/11xxx/CVE-2018-11827.json index ec34cdc6900..ec9ec895583 100644 
--- a/2018/11xxx/CVE-2018-11827.json +++ b/2018/11xxx/CVE-2018-11827.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15139.json b/2018/15xxx/CVE-2018-15139.json index 1fb751a2328..f6826b2c418 100644 
--- a/2018/15xxx/CVE-2018-15139.json +++ b/2018/15xxx/CVE-2018-15139.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", - "refsource" : "MISC", - "url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" - }, - { - "name" : "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485", - "refsource" : "CONFIRM", - "url" : "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", + "refsource": "MISC", + "url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" + }, + { + "name": "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485", + "refsource": "CONFIRM", + "url": "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15985.json b/2018/15xxx/CVE-2018-15985.json index b11c5999100..5d32434ea98 100644 --- a/2018/15xxx/CVE-2018-15985.json +++ b/2018/15xxx/CVE-2018-15985.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3068.json b/2018/3xxx/CVE-2018-3068.json index 4f09e2c2604..779f8fe7b94 100644 --- a/2018/3xxx/CVE-2018-3068.json +++ b/2018/3xxx/CVE-2018-3068.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise HCM Human Resources", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise HCM Human Resources", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104832" - }, - { - "name" : "1041306", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104832" + }, + { + "name": "1041306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041306" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8630.json b/2018/8xxx/CVE-2018-8630.json index 87705ef0806..1f564bf9f7b 100644 --- a/2018/8xxx/CVE-2018-8630.json +++ b/2018/8xxx/CVE-2018-8630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8785.json b/2018/8xxx/CVE-2018-8785.json index f718dab3f95..133a50426b2 100644 --- a/2018/8xxx/CVE-2018-8785.json +++ b/2018/8xxx/CVE-2018-8785.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2018-10-22T00:00:00", - "ID" : "CVE-2018-8785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeRDP", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 2.0.0-rc4" - } - ] - } - } - ] - }, - "vendor_name" : "Check Point Software Technologies Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2018-10-22T00:00:00", + "ID": "CVE-2018-8785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeRDP", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 2.0.0-rc4" + } + ] + } + } + ] + }, + "vendor_name": "Check Point Software Technologies Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d", - "refsource" : "CONFIRM", - "url" : "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d" - }, - { - "name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", - "refsource" : "CONFIRM", - "url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" - }, - { - "name" : "USN-3845-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3845-1/" - }, - { - "name" : "106938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106938" + }, + { + "name": "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d", + "refsource": "CONFIRM", + "url": "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d" + }, + { + "name": "USN-3845-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3845-1/" + }, + { + "name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", + "refsource": "CONFIRM", + "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8895.json b/2018/8xxx/CVE-2018-8895.json index 31a5e33022a..0cbc246c1b0 100644 --- a/2018/8xxx/CVE-2018-8895.json +++ b/2018/8xxx/CVE-2018-8895.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8956.json b/2018/8xxx/CVE-2018-8956.json index 9914e2ff3fb..f7adb0bcf9f 100644 --- a/2018/8xxx/CVE-2018-8956.json +++ b/2018/8xxx/CVE-2018-8956.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file