From 5318395602fcde1efe8c07450d809dd838f13798 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:21:37 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/0xxx/CVE-2002-0221.json | 140 ++++-----
 2002/0xxx/CVE-2002-0650.json | 170 +++++-----
 2002/0xxx/CVE-2002-0699.json | 130 ++++----
 2002/2xxx/CVE-2002-2285.json | 140 ++++-----
 2002/2xxx/CVE-2002-2438.json | 34 +-
 2005/0xxx/CVE-2005-0051.json | 200 ++++++------
 2005/0xxx/CVE-2005-0236.json | 170 +++++-----
 2005/0xxx/CVE-2005-0576.json | 140 ++++-----
 2005/0xxx/CVE-2005-0655.json | 140 ++++-----
 2005/1xxx/CVE-2005-1115.json | 150 ++++-----
 2005/1xxx/CVE-2005-1134.json | 190 ++++++------
 2005/1xxx/CVE-2005-1795.json | 130 ++++----
 2009/0xxx/CVE-2009-0549.json | 180 +++++------
 2009/0xxx/CVE-2009-0652.json | 340 ++++++++++----------
 2009/0xxx/CVE-2009-0659.json | 140 ++++-----
 2009/1xxx/CVE-2009-1001.json | 180 +++++------
 2009/1xxx/CVE-2009-1098.json | 530 +++++++++++++++----------------
 2009/1xxx/CVE-2009-1624.json | 130 ++++----
 2009/1xxx/CVE-2009-1652.json | 150 ++++-----
 2009/1xxx/CVE-2009-1965.json | 160 +++++-----
 2009/4xxx/CVE-2009-4712.json | 140 ++++-----
 2009/4xxx/CVE-2009-4781.json | 140 ++++-----
 2009/5xxx/CVE-2009-5013.json | 150 ++++-----
 2012/2xxx/CVE-2012-2173.json | 130 ++++----
 2012/2xxx/CVE-2012-2326.json | 150 ++++-----
 2012/2xxx/CVE-2012-2502.json | 34 +-
 2012/2xxx/CVE-2012-2931.json | 34 +-
 2012/3xxx/CVE-2012-3338.json | 34 +-
 2012/3xxx/CVE-2012-3370.json | 280 ++++++++---------
 2012/3xxx/CVE-2012-3862.json | 34 +-
 2012/3xxx/CVE-2012-3890.json | 150 ++++-----
 2012/4xxx/CVE-2012-4098.json | 140 ++++-----
 2012/6xxx/CVE-2012-6098.json | 140 ++++-----
 2012/6xxx/CVE-2012-6194.json | 34 +-
 2012/6xxx/CVE-2012-6250.json | 34 +-
 2012/6xxx/CVE-2012-6608.json | 130 ++++----
 2015/5xxx/CVE-2015-5373.json | 34 +-
 2015/5xxx/CVE-2015-5474.json | 120 ++++----
 2017/2xxx/CVE-2017-2079.json | 34 +-
 2017/2xxx/CVE-2017-2081.json | 34 +-
 2017/2xxx/CVE-2017-2099.json | 130 ++++----
 2017/2xxx/CVE-2017-2416.json | 180 +++++------
 2018/11xxx/CVE-2018-11019.json | 130 ++++----
 2018/11xxx/CVE-2018-11281.json | 150 ++++-----
 2018/11xxx/CVE-2018-11478.json | 130 ++++----
 2018/11xxx/CVE-2018-11621.json | 130 ++++----
 2018/11xxx/CVE-2018-11743.json | 130 ++++----
 2018/11xxx/CVE-2018-11922.json | 34 +-
 2018/14xxx/CVE-2018-14185.json | 34 +-
 2018/14xxx/CVE-2018-14250.json | 130 ++++----
 2018/14xxx/CVE-2018-14973.json | 120 ++++----
 2018/14xxx/CVE-2018-14995.json | 130 ++++----
 2018/15xxx/CVE-2018-15005.json | 140 ++++-----
 2018/15xxx/CVE-2018-15010.json | 34 +-
 2018/15xxx/CVE-2018-15477.json | 120 ++++----
 2018/15xxx/CVE-2018-15690.json | 34 +-
 2018/8xxx/CVE-2018-8039.json | 268 ++++++++--------
 2018/8xxx/CVE-2018-8320.json | 364 +++++++++++-----------
 2018/8xxx/CVE-2018-8407.json | 478 ++++++++++++++--------------
 2018/8xxx/CVE-2018-8421.json | 548 ++++++++++++++++-----------------
 2018/8xxx/CVE-2018-8522.json | 228 +++++++-------
 2018/8xxx/CVE-2018-8960.json | 140 ++++-----
 62 files changed, 4651 insertions(+), 4651 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0221.json b/2002/0xxx/CVE-2002-0221.json
index 95daf1a8831..79b747cdb8b 100644
--- a/2002/0xxx/CVE-2002-0221.json
+++ b/2002/0xxx/CVE-2002-0221.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020129 Vulnerabilities in EServ 2.97", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/252944" - }, - { - "name" : "3983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3983" - }, - { - "name" : "eserv-pasv-dos(8020)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8020.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which 
prevents the server from accepting valid PASV." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3983" + }, + { + "name": "eserv-pasv-dos(8020)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8020.php" + }, + { + "name": "20020129 Vulnerabilities in EServ 2.97", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/252944" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0650.json b/2002/0xxx/CVE-2002-0650.json index e8a84850a19..f5d4b3c40d1 100644 --- a/2002/0xxx/CVE-2002-0650.json +++ b/2002/0xxx/CVE-2002-0650.json 
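Review bot: The new side of this file ends with `\ No newline at end of file` where the old side had a trailing newline, and the three `reference_data` entries are reordered with no change to their content (the BUGTRAQ entry moves from first to last). The same two effects appear in the other hunks visible on this page (CVE-2002-0650, CVE-2002-2285, CVE-2005-0051 and others). Having the sync tool write a final newline and emit references in a stable order would keep future synchronization diffs limited to real record changes, which is what someone auditing advisory data needs to be able to see.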
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a \"ping\" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102760196931518&w=2" - }, - { - "name" : "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=102760479902411&w=2" - }, - { - "name" : "MS02-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039" - }, - { - "name" : "mssql-resolution-keepalive-dos(9662)", - "refsource" : 
"XF", - "url" : "http://www.iss.net/security_center/static/9662.php" - }, - { - "name" : "5312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5312" - }, - { - "name" : "878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a \"ping\" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=102760479902411&w=2" + }, + { + "name": "MS02-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039" + }, + { + "name": "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102760196931518&w=2" + }, + { + "name": "5312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5312" + }, + { + "name": "mssql-resolution-keepalive-dos(9662)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9662.php" + }, + { + "name": "878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/878" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0699.json b/2002/0xxx/CVE-2002-0699.json index 2d428edd51a..3f84f6eac5c 100644 --- a/2002/0xxx/CVE-2002-0699.json 
+++ b/2002/0xxx/CVE-2002-0699.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048" - }, - { - "name" : "oval:org.mitre.oval:def:190", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows 
XP allow remote attackers to delete digital certificates on a user's system via HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048" + }, + { + "name": "oval:org.mitre.oval:def:190", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2285.json b/2002/2xxx/CVE-2002-2285.json index ad286da0c27..d3e2c0be3ca 100644 --- a/2002/2xxx/CVE-2002-2285.json +++ b/2002/2xxx/CVE-2002-2285.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eTrust InoculateIT 6.0 with the \"Incremental Scan\" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021129 CA InoculateIT 6.0 Realtime Scanner may fail to detect vira", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-12/0003.html" - }, - { - "name" : "1005740", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005740" - }, - { - "name" : "etrust-inoculateit-protection-bypass(10770)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eTrust InoculateIT 6.0 with the \"Incremental Scan\" option enabled may certify that a 
file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1005740", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005740" + }, + { + "name": "20021129 CA InoculateIT 6.0 Realtime Scanner may fail to detect vira", + "refsource": "NTBUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-12/0003.html" + }, + { + "name": "etrust-inoculateit-protection-bypass(10770)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10770" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2438.json b/2002/2xxx/CVE-2002-2438.json index 5ef2b630a2b..52161469585 100644 --- a/2002/2xxx/CVE-2002-2438.json +++ b/2002/2xxx/CVE-2002-2438.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2438", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2438", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0051.json b/2005/0xxx/CVE-2005-0051.json index 47c4af1544c..95f8b8c838c 100644 --- a/2005/0xxx/CVE-2005-0051.json +++ b/2005/0xxx/CVE-2005-0051.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the \"Named Pipe Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-007", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-007" - }, - { - "name" : "TA05-039A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" - }, - { - "name" : "VU#939074", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/939074" - }, - { - "name" : "12486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12486" - }, - { - "name" : "oval:org.mitre.oval:def:2292", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2292" - }, - { - 
"name" : "oval:org.mitre.oval:def:3055", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3055" - }, - { - "name" : "1013112", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013112" - }, - { - "name" : "14189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14189" - }, - { - "name" : "win-named-pipe-information-disclosure(19093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the \"Named Pipe Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:3055", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3055" + }, + { + "name": "TA05-039A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" + }, + { + "name": "oval:org.mitre.oval:def:2292", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2292" + }, + { + "name": "MS05-007", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-007" + }, + { + "name": "1013112", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013112" + }, + { + "name": "12486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12486" + }, + { + 
"name": "win-named-pipe-information-disclosure(19093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19093" + }, + { + "name": "VU#939074", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/939074" + }, + { + "name": "14189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14189" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0236.json b/2005/0xxx/CVE-2005-0236.json index 4564343a0b7..d4b762dee53 100644 --- a/2005/0xxx/CVE-2005-0236.json +++ b/2005/0xxx/CVE-2005-0236.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050206 state of homograph attacks", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html" - }, - { - "name" : "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110782704923280&w=2" - }, - { - "name" : "http://www.shmoo.com/idn", - "refsource" : "MISC", - "url" : "http://www.shmoo.com/idn" - }, - { - "name" : "http://www.shmoo.com/idn/homograph.txt", - "refsource" : "MISC", - "url" : 
"http://www.shmoo.com/idn/homograph.txt" - }, - { - "name" : "12461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12461" - }, - { - "name" : "multiple-browsers-idn-spoof(19236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.shmoo.com/idn/homograph.txt", + "refsource": "MISC", + "url": "http://www.shmoo.com/idn/homograph.txt" + }, + { + "name": "multiple-browsers-idn-spoof(19236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236" + }, + { + "name": "20050206 state of homograph attacks", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html" + }, + { + "name": "http://www.shmoo.com/idn", + "refsource": "MISC", + "url": "http://www.shmoo.com/idn" + }, + { + "name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110782704923280&w=2" + }, + { + "name": "12461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12461" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0576.json b/2005/0xxx/CVE-2005-0576.json index 4339f027a31..8a19b8ea850 100644 
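Review bot: `"ASSIGNER"` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, the only assigner change among the hunks visible here, while the commit subject describes only a data synchronization. It sits inside a whole-file reindent and a reshuffle of `reference_data`, so it is easy to miss in review, and consumers that attribute or filter records by assigner would see the record change ownership with no trail. I would land attribution changes separately from formatting changes, or at least name the record and its old and new assigner in the commit message.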
--- a/2005/0xxx/CVE-2005-0576.json +++ b/2005/0xxx/CVE-2005-0576.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12656" - }, - { - "name" : "14381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14381" - }, - { - "name" : "57738", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57738-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12656" + }, + { + "name": "57738", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57738-1" + }, + { + "name": "14381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14381" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0655.json b/2005/0xxx/CVE-2005-0655.json index 13f008ed416..11f3d03bce9 100644 --- a/2005/0xxx/CVE-2005-0655.json +++ b/2005/0xxx/CVE-2005-0655.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050302 Vulnerabilities in Aura CMS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110979842315750&w=2" - }, - { - "name" : "http://echo.or.id/adv/adv011-y3dips-2005.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv011-y3dips-2005.txt" - }, - { - "name" : "1013357", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) 
arsip.php, which reveals the path in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050302 Vulnerabilities in Aura CMS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110979842315750&w=2" + }, + { + "name": "http://echo.or.id/adv/adv011-y3dips-2005.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv011-y3dips-2005.txt" + }, + { + "name": "1013357", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013357" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1115.json b/2005/1xxx/CVE-2005-1115.json index b1982899edf..3d7c306be1d 100644 --- a/2005/1xxx/CVE-2005-1115.json +++ b/2005/1xxx/CVE-2005-1115.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111343406309969&w=2" - }, - { - "name" : "http://www.digitalparadox.org/advisories/phpbbp.txt", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/advisories/phpbbp.txt" - }, - { - "name" : "13157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13157" - }, - { - "name" : "13158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13157" + }, + { + "name": "http://www.digitalparadox.org/advisories/phpbbp.txt", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/advisories/phpbbp.txt" + }, + { + "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111343406309969&w=2" + }, + { + "name": "13158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13158" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1134.json b/2005/1xxx/CVE-2005-1134.json index 333afbd163c..f54dc59ae51 100644 --- a/2005/1xxx/CVE-2005-1134.json +++ b/2005/1xxx/CVE-2005-1134.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050413 serendipity SQL Injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/Apr/0195.html" - }, - { - "name" : "http://www.s9y.org/5.html", - "refsource" : "CONFIRM", - "url" : "http://www.s9y.org/5.html" - }, - { - "name" : "http://www.s9y.org/63.html#A9", - "refsource" : "CONFIRM", - "url" : "http://www.s9y.org/63.html#A9" - }, - { - "name" : "13161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13161" - }, - { - "name" : "15542", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15542" - }, - { - "name" : "1013699", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013699" - }, - { - "name" : "15145", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/15145" - }, - { - "name" : "serendipity-urlid-entryid-sql-injection(20119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.s9y.org/5.html", + "refsource": "CONFIRM", + "url": "http://www.s9y.org/5.html" + }, + { + "name": "15542", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15542" + }, + { + "name": "20050413 serendipity SQL Injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/Apr/0195.html" + }, + { + "name": "15145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15145" + }, + { + "name": "http://www.s9y.org/63.html#A9", + "refsource": "CONFIRM", + "url": "http://www.s9y.org/63.html#A9" + }, + { + "name": "serendipity-urlid-entryid-sql-injection(20119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119" + }, + { + "name": "1013699", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013699" + }, + { + "name": "13161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13161" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1795.json b/2005/1xxx/CVE-2005-1795.json index 894d07c8edd..15e29a5e2b3 100644 --- a/2005/1xxx/CVE-2005-1795.json +++ b/2005/1xxx/CVE-2005-1795.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sentinelchicken.com/advisories/clamav", - "refsource" : "MISC", - "url" : "http://www.sentinelchicken.com/advisories/clamav" - }, - { - "name" : "1014070", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are 
not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sentinelchicken.com/advisories/clamav", + "refsource": "MISC", + "url": "http://www.sentinelchicken.com/advisories/clamav" + }, + { + "name": "1014070", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014070" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0549.json b/2009/0xxx/CVE-2009-0549.json index 47a0c5c66c8..fe5b5605e4e 100644 --- a/2009/0xxx/CVE-2009-0549.json +++ b/2009/0xxx/CVE-2009-0549.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "35215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35215" - }, - { - "name" : "54952", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54952" - }, - { - "name" : "oval:org.mitre.oval:def:5830", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830" - }, - { - "name" : "1022351", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022351" - }, - { - "name" : "ADV-2009-1540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1540" + }, + { + "name": "54952", + "refsource": "OSVDB", + "url": "http://osvdb.org/54952" + }, + { + "name": "1022351", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022351" + }, + { + "name": "MS09-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021" + }, + { + "name": "35215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35215" + }, + { + "name": "oval:org.mitre.oval:def:5830", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + } + ] + } +} \ No newline at end of file 
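Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secure@microsoft.com`, but the change is buried in a whole-file rewrite that otherwise only alters colon spacing, indentation and the order of `reference_data`, so the one provenance change is easy to miss in review. The CVE-2009-1001 hunk has the same problem, with `ASSIGNER` becoming `secalert_us@oracle.com`. Anything downstream that attributes records by this field will presumably see these two entries move, so field changes would be better landed separately from formatting. Emitting `reference_data` in a stable order, for example sorted by `refsource` then `name`, would also let later syncs show only real changes. The new side of every hunk here also ends with `\ No newline at end of file`; keeping the trailing newline avoids a spurious last-line change in later diffs.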
diff --git a/2009/0xxx/CVE-2009-0652.json b/2009/0xxx/CVE-2009-0652.json
index 51d4a87ea81..59eb81ce441 100644
--- a/2009/0xxx/CVE-2009-0652.json
+++ b/2009/0xxx/CVE-2009-0652.json
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20090219 SSL MITM fun.", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html" - }, - { - "name" : "[dailydave] 20090220 SSL MITM fun.", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html" - }, - { - "name" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike" - }, - { - "name" : "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf", - "refsource" : "MISC", - "url" : "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf" - }, - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html" - }, - { - "name" : "DSA-1797", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1797" - }, - { - "name" : "DSA-1830", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : "FEDORA-2009-3875", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html" - }, - { - "name" : "MDVSA-2009:111", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:111" - }, - { - "name" : "RHSA-2009:0436", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html" - }, - { - "name" : "RHSA-2009:0437", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0437.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "USN-764-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/764-1/" - }, - { - "name" : "33837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33837" - }, - { - "name" : "oval:org.mitre.oval:def:11396", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396" - }, - { - "name" : "34096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34096" - }, - { - "name" : "34894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34894" - }, - { - "name" : "34843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34843" - }, - { - "name" : "34844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34844" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "35042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35042" - }, - { - "name" : "ADV-2009-1125", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1125" - }, - { - "name" : "mozilla-firefox-homoglyph-spoofing(48974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internationalized Domain Names (IDN) blacklist in 
Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111" + }, + { + "name": "oval:org.mitre.oval:def:11396", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396" + }, + { + "name": "FEDORA-2009-3875", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html" + }, + { + "name": "34894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34894" + }, + { + "name": "ADV-2009-1125", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1125" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "mozilla-firefox-homoglyph-spoofing(48974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48974" + }, + { + "name": "[dailydave] 20090219 SSL MITM fun.", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html" + }, + { + "name": "34096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34096" + }, + { + "name": "34844", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/34844" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "[dailydave] 20090220 SSL MITM fun.", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html" + }, + { + "name": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf", + "refsource": "MISC", + "url": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf" + }, + { + "name": "USN-764-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/764-1/" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "33837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33837" + }, + { + "name": "35042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35042" + }, + { + "name": "34843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34843" + }, + { + "name": "DSA-1797", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1797" + }, + { + "name": "RHSA-2009:0437", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html" + }, + { + "name": "RHSA-2009:0436", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html" + }, + { + "name": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike", + "refsource": "MISC", + "url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0659.json b/2009/0xxx/CVE-2009-0659.json
index 6d54b9d346f..85c75ae4eec 100644
--- a/2009/0xxx/CVE-2009-0659.json
+++ b/2009/0xxx/CVE-2009-0659.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33972" - }, - { - "name" : "tptest-pwd-bo(48781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48781" - }, - { - "name" : "tptest-getstatsfromline-bo(48953)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers 
to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tptest-pwd-bo(48781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48781" + }, + { + "name": "33972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33972" + }, + { + "name": "tptest-getstatsfromline-bo(48953)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48953" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1001.json b/2009/1xxx/CVE-2009-1001.json index d43b63fedb1..33a39f3e383 100644 --- a/2009/1xxx/CVE-2009-1001.json +++ b/2009/1xxx/CVE-2009-1001.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/wls-security/1001.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53767", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53767" - }, - { - "name" : "1022059", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id?1022059" - }, - { - "name" : "oracle-weblogic-wls-priv-escalation(50053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022059" + }, + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" + }, + { + "name": "53767", + "refsource": "OSVDB", + "url": "http://osvdb.org/53767" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "oracle-weblogic-wls-priv-escalation(50053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50053" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1098.json b/2009/1xxx/CVE-2009-1098.json index 38252d7b59a..2673b1f3d39 100644 --- a/2009/1xxx/CVE-2009-1098.json +++ b/2009/1xxx/CVE-2009-1098.json 
@@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "DSA-1769", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1769" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMA02429", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "SSRT090058", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "HPSBUX02429", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2" - }, - { - "name" : "MDVSA-2009:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" - }, - { - "name" : "MDVSA-2009:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" - }, - { - "name" : "RHSA-2009:0392", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html" - }, - { - "name" : "RHSA-2009:0394", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0394.html" - }, - { - "name" : "RHSA-2009:0377", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html" - }, - { - "name" : "RHSA-2009:1038", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html" - }, - { - "name" : "RHSA-2009:1198", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html" - 
}, - { - "name" : "254571", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1" - }, - { - "name" : "SUSE-SA:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:029", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "SUSE-SA:2009:036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" - }, - { - "name" : "USN-748-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-748-1" - }, - { - "name" : "34240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34240" - }, - { - "name" : "oval:org.mitre.oval:def:6008", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6008" - }, - { - "name" : "oval:org.mitre.oval:def:9956", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9956" - }, - { - "name" : "1021913", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021913" - }, - { - "name" : "34489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34489" - }, - { - "name" : "34495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34495" - }, - { - "name" : "34496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34496" - }, - { - "name" : "34675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34675" - }, - { - "name" : "34632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34632" - }, - { - "name" : "35223", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/35223" - }, - { - "name" : "35156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35156" - }, - { - "name" : "35255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35255" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "36185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36185" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1426" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" + }, + { + "name": "MDVSA-2009:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" + }, + { + "name": "34632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34632" + }, + { + "name": "SSRT090058", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "35156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35156" + }, + { + "name": "34675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34675" + }, + { + "name": "SUSE-SA:2009:029", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" + }, + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "oval:org.mitre.oval:def:6008", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6008" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" + }, + { + "name": "1021913", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021913" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "34489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34489" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": 
"RHSA-2009:1038", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html" + }, + { + "name": "RHSA-2009:1198", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02429", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2" + }, + { + "name": "RHSA-2009:0394", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html" + }, + { + "name": "254571", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1" + }, + { + "name": "34495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34495" + }, + { + "name": "oval:org.mitre.oval:def:9956", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9956" + }, + { + "name": "36185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36185" + }, + { + "name": "RHSA-2009:0377", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html" + }, + { + "name": "35255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35255" + }, + { + "name": "ADV-2009-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1426" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "MDVSA-2009:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + 
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "RHSA-2009:0392", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html" + }, + { + "name": "35223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35223" + }, + { + "name": "34240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34240" + }, + { + "name": "34496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34496" + }, + { + "name": "HPSBMA02429", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "USN-748-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-748-1" + }, + { + "name": "DSA-1769", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1769" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "SUSE-SA:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1624.json b/2009/1xxx/CVE-2009-1624.json index 10adde4072a..1f7403d61fa 100644 --- a/2009/1xxx/CVE-2009-1624.json +++ b/2009/1xxx/CVE-2009-1624.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8545", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8545" - }, - { - "name" : "34732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34732" + }, + { + "name": "8545", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8545" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1652.json b/2009/1xxx/CVE-2009-1652.json index 88dae98cb77..9a9524457f8 100644 --- a/2009/1xxx/CVE-2009-1652.json +++ b/2009/1xxx/CVE-2009-1652.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8689", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8689" - }, - { - "name" : "34976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34976" - }, - { - "name" : "54493", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54493" - }, - { - "name" : "35071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct 
request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35071" + }, + { + "name": "8689", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8689" + }, + { + "name": "54493", + "refsource": "OSVDB", + "url": "http://osvdb.org/54493" + }, + { + "name": "34976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34976" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1965.json b/2009/1xxx/CVE-2009-1965.json index 00305da1da1..312d2d9e9cb 100644 --- a/2009/1xxx/CVE-2009-1965.json +++ b/2009/1xxx/CVE-2009-1965.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36760" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36760" + }, + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4712.json b/2009/4xxx/CVE-2009-4712.json index d0a64f4b23a..15033e1f510 100644 --- a/2009/4xxx/CVE-2009-4712.json +++ b/2009/4xxx/CVE-2009-4712.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt" - }, - { - "name" : "56601", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56601" - }, - { - "name" : "35977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56601", + "refsource": "OSVDB", + "url": "http://osvdb.org/56601" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt" + }, + { + "name": "35977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35977" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4781.json b/2009/4xxx/CVE-2009-4781.json index d625fcbdb56..dfff056622b 100644 --- a/2009/4xxx/CVE-2009-4781.json +++ b/2009/4xxx/CVE-2009-4781.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10201", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10201" - }, - { - "name" : "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9", - "refsource" : "CONFIRM", - "url" : "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9" - }, - { - "name" : "37553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37553" + }, + { + "name": "10201", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10201" + }, + { + "name": "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9", + "refsource": "CONFIRM", + "url": "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5013.json b/2009/5xxx/CVE-2009-5013.json index 6b32411b197..f0db16c59bb 100644 --- a/2009/5xxx/CVE-2009-5013.json +++ b/2009/5xxx/CVE-2009-5013.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/pyftpdlib/issues/detail?id=119", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/issues/detail?id=119" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/detail?r=615", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/pyftpdlib/source/detail?r=615" - }, - { - "name" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py", - "refsource" : "CONFIRM", - "url" : 
"http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py" + }, + { + "name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY" + }, + { + "name": "http://code.google.com/p/pyftpdlib/issues/detail?id=119", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/issues/detail?id=119" + }, + { + "name": "http://code.google.com/p/pyftpdlib/source/detail?r=615", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/pyftpdlib/source/detail?r=615" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2173.json b/2012/2xxx/CVE-2012-2173.json index 357f0801099..4908615b1d8 100644 --- a/2012/2xxx/CVE-2012-2173.json +++ b/2012/2xxx/CVE-2012-2173.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21598423", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21598423" - }, - { - "name" : "appscansource-soliddbpass-weak-security(75242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to 
obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "appscansource-soliddbpass-weak-security(75242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75242" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21598423", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21598423" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2326.json b/2012/2xxx/CVE-2012-2326.json index 0c55204280a..b45936f4867 100644 --- a/2012/2xxx/CVE-2012-2326.json +++ b/2012/2xxx/CVE-2012-2326.json 
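Review bot: The only value that changes in CVE-2012-2173.json is `"ASSIGNER"`, from `cve@mitre.org` to `psirt@us.ibm.com`, and it is buried in a hunk that rewrites all 67 lines for separator spacing and reference order. The hunks for CVE-2012-2326, CVE-2012-3370 and CVE-2012-6098 (`secalert@redhat.com`) and CVE-2012-4098 (`psirt@cisco.com`) do the same. A provenance change like this deserves its own commit, or at least a subject line that names it rather than `"-Synchronized-Data."`. Anyone auditing it should compare parsed JSON rather than the text diff. `"vendor_name"` and `"product_name"` remain `"n/a"` on the new side, so the assigner address is the only machine-readable vendor link these records carry.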
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120507 CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/13" - }, - { - "name" : "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/14" - }, - { - "name" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" - }, - { - "name" : "53417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53417" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53417" + }, + { + "name": "[oss-security] 20120507 CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/13" + }, + { + "name": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" + }, + { + "name": "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/14" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2502.json b/2012/2xxx/CVE-2012-2502.json index 18003d2b2f7..5f0778d65dd 100644 --- a/2012/2xxx/CVE-2012-2502.json +++ b/2012/2xxx/CVE-2012-2502.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2502", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2502", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2931.json b/2012/2xxx/CVE-2012-2931.json index bb31d65c292..b784ac7b586 100644 --- a/2012/2xxx/CVE-2012-2931.json +++ b/2012/2xxx/CVE-2012-2931.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3338.json b/2012/3xxx/CVE-2012-3338.json index 0e4e3b5bb68..9aafd61046b 100644 --- a/2012/3xxx/CVE-2012-3338.json +++ b/2012/3xxx/CVE-2012-3338.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3370.json b/2012/3xxx/CVE-2012-3370.json index 605359c30c0..1f7bc8a689c 100644 --- a/2012/3xxx/CVE-2012-3370.json +++ b/2012/3xxx/CVE-2012-3370.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456" - }, - { - "name" : "RHSA-2013:0191", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html" - }, - { - "name" : "RHSA-2013:0192", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html" - }, - { - "name" : "RHSA-2013:0193", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html" - }, - { - "name" : "RHSA-2013:0194", - 
"refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html" - }, - { - "name" : "RHSA-2013:0195", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html" - }, - { - "name" : "RHSA-2013:0196", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html" - }, - { - "name" : "RHSA-2013:0197", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html" - }, - { - "name" : "RHSA-2013:0198", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html" - }, - { - "name" : "RHSA-2013:0221", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0221.html" - }, - { - "name" : "RHSA-2013:0533", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0533.html" - }, - { - "name" : "57550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57550" - }, - { - "name" : "89581", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/89581" - }, - { - "name" : "1028042", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1028042" - }, - { - "name" : "51984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51984" - }, - { - "name" : "52054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52054" - }, - { - "name" : "jboss-eap-getcredential-info-disc(81513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain 
privileges as other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456" + }, + { + "name": "jboss-eap-getcredential-info-disc(81513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81513" + }, + { + "name": "RHSA-2013:0192", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" + }, + { + "name": "RHSA-2013:0198", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html" + }, + { + "name": "RHSA-2013:0195", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" + }, + { + "name": "RHSA-2013:0221", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html" + }, + { + "name": "89581", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/89581" + }, + { + "name": "RHSA-2013:0196", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" + }, + { + "name": "57550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57550" + }, + { + "name": "RHSA-2013:0193", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html" + }, + { + "name": "51984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51984" + }, + { + "name": "1028042", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1028042" + }, + { + "name": "52054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52054" + }, + { + "name": "RHSA-2013:0191", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" + }, + { + "name": "RHSA-2013:0533", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2013-0533.html" + }, + { + "name": "RHSA-2013:0197", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html" + }, + { + "name": "RHSA-2013:0194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3862.json b/2012/3xxx/CVE-2012-3862.json index 2450bddce3a..3860c59f2eb 100644 --- a/2012/3xxx/CVE-2012-3862.json +++ b/2012/3xxx/CVE-2012-3862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3862", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3862", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3890.json b/2012/3xxx/CVE-2012-3890.json index bcca28ee51c..1c1d7879389 100644 --- a/2012/3xxx/CVE-2012-3890.json +++ b/2012/3xxx/CVE-2012-3890.json 
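Review bot: The `reference_data` array in CVE-2012-3370.json holds the same 17 entries on both sides, but the new order is neither the old one nor any sorted order. The RHSA advisories now run 0192, 0198, 0195, 0221, 0196, 0193, 0191, 0533, 0197, 0194, with the BID, OSVDB, SECTRACK and SECUNIA entries interleaved. A reader therefore cannot confirm by eye that no reference was dropped or altered, and every later sync may shuffle the list again. Writing the array in a deterministic order, for example sorted by `"refsource"` and then `"name"`, would limit future diffs to real additions and removals.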
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.winamp.com/showthread.php?t=345684", - "refsource" : "CONFIRM", - "url" : "http://forums.winamp.com/showthread.php?t=345684" - }, - { - "name" : "54131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54131" - }, - { - "name" : "oval:org.mitre.oval:def:15553", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553" - }, - { - "name" : "46624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The in_mod plugin in Winamp before 5.63 allows 
remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forums.winamp.com/showthread.php?t=345684", + "refsource": "CONFIRM", + "url": "http://forums.winamp.com/showthread.php?t=345684" + }, + { + "name": "46624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46624" + }, + { + "name": "oval:org.mitre.oval:def:15553", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553" + }, + { + "name": "54131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54131" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4098.json b/2012/4xxx/CVE-2012-4098.json index 61e856561c1..bebe35389bf 100644 --- a/2012/4xxx/CVE-2012-4098.json +++ b/2012/4xxx/CVE-2012-4098.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131004 Cisco NX-OS Software BGP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4098" - }, - { - "name" : "98129", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98129" - }, - { - "name" : "cisco-nxos-cve20124098-dos(87675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to 
cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-nxos-cve20124098-dos(87675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87675" + }, + { + "name": "98129", + "refsource": "OSVDB", + "url": "http://osvdb.org/98129" + }, + { + "name": "20131004 Cisco NX-OS Software BGP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4098" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6098.json b/2012/6xxx/CVE-2012-6098.json index f9ddb8a9280..68f62fcf396 100644 --- a/2012/6xxx/CVE-2012-6098.json +++ b/2012/6xxx/CVE-2012-6098.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130121 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/01/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=220158", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=220158" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=220158", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=220158" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619" + }, + { + "name": "[oss-security] 20130121 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/01/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6194.json b/2012/6xxx/CVE-2012-6194.json index f0bbcebc3c3..553e6fb4350 100644 --- a/2012/6xxx/CVE-2012-6194.json +++ b/2012/6xxx/CVE-2012-6194.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6194", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6194", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6250.json b/2012/6xxx/CVE-2012-6250.json index 0f53d6da9f7..dc9d32060ed 100644 --- a/2012/6xxx/CVE-2012-6250.json +++ b/2012/6xxx/CVE-2012-6250.json 
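Review bot: The REJECT record CVE-2012-6194.json is written with a different key order from the other records in this patch. Here `"data_type"`, `"data_format"` and `"data_version"` come before `"CVE_data_meta"`, and `"ID"` precedes `"ASSIGNER"`, while the PUBLIC and RESERVED records keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. CVE-2012-6250 and CVE-2017-2079 show the same layout. Key order carries no meaning in JSON, but two serialisations in one repository suggest two writers, and they break any consumer that hashes or diffs the raw text. Serialising every record with sorted keys, so that `"CVE_data_meta": {` comes before `"data_format": "MITRE",`, would keep them uniform.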
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6250", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6250", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6608.json b/2012/6xxx/CVE-2012-6608.json index 56176e4ce68..446c76d08bd 100644 --- a/2012/6xxx/CVE-2012-6608.json +++ b/2012/6xxx/CVE-2012-6608.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html" - }, - { - "name" : "55739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55739" + }, + { + "name": "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5373.json b/2015/5xxx/CVE-2015-5373.json index 91eabd45dae..22e7473e91c 100644 --- a/2015/5xxx/CVE-2015-5373.json +++ b/2015/5xxx/CVE-2015-5373.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5373", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5373", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5474.json b/2015/5xxx/CVE-2015-5474.json index c68b74f5741..25cdf198b82 100644 --- a/2015/5xxx/CVE-2015-5474.json +++ b/2015/5xxx/CVE-2015-5474.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-358/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-358/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-358/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-358/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2079.json b/2017/2xxx/CVE-2017-2079.json index 0088187dd38..c216ef41920 100644 --- a/2017/2xxx/CVE-2017-2079.json +++ b/2017/2xxx/CVE-2017-2079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2079", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2079", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2081.json b/2017/2xxx/CVE-2017-2081.json index aa55c401886..eaa08218bf2 100644 --- a/2017/2xxx/CVE-2017-2081.json +++ b/2017/2xxx/CVE-2017-2081.json 
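Review bot: The new side of 2017/2xxx/CVE-2017-2079.json serialises its keys in a different order from the other records in this commit: `"data_type"`, `"data_format"`, `"data_version"` now come before `"CVE_data_meta"`, and inside it `"ID"` precedes `"ASSIGNER"`. Neighbouring records such as CVE-2015-5474.json keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`, and CVE-2017-2081.json in the next hunk has the same divergent order. Key order carries no meaning in JSON, but two layouts in one sync suggest that two different writers produced these files. The sync should emit one fixed order, e.g. `"CVE_data_meta": { "ASSIGNER": ..., "ID": ..., "STATE": ... }` first as elsewhere. Anything that signs, hashes or byte-compares these records should canonicalise them (sorted keys) before doing so.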
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2081", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2081", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2099.json b/2017/2xxx/CVE-2017-2099.json index bf90bb95def..8887970dbbd 100644 --- a/2017/2xxx/CVE-2017-2099.json +++ b/2017/2xxx/CVE-2017-2099.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", - "version" : { - "version_data" : [ - { - "version_value" : "V3.0.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", + "version": { + "version_data": [ + { + "version_value": "V3.0.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#71666779", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN71666779/index.html" - }, - { - "name" : "96226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote code execution via 
unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96226" + }, + { + "name": "JVN#71666779", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN71666779/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2416.json b/2017/2xxx/CVE-2017-2416.json index ee330003550..c657eaf18df 100644 --- a/2017/2xxx/CVE-2017-2416.json +++ b/2017/2xxx/CVE-2017-2416.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/", - "refsource" : "MISC", - "url" : "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/", + "refsource": "MISC", + "url": "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": 
"https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11019.json b/2018/11xxx/CVE-2018-11019.json index e671028282c..ec4549f9d79 100644 --- a/2018/11xxx/CVE-2018-11019.json +++ b/2018/11xxx/CVE-2018-11019.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md", - "refsource" : "MISC", - "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md" - }, - { - "name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", - "refsource" : "MISC", - "url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows 
attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", + "refsource": "MISC", + "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" + }, + { + "name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md", + "refsource": "MISC", + "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11281.json b/2018/11xxx/CVE-2018-11281.json index ffe3f2571c9..31b89b88f6f 100644 --- a/2018/11xxx/CVE-2018-11281.json +++ b/2018/11xxx/CVE-2018-11281.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Data" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11478.json b/2018/11xxx/CVE-2018-11478.json index 6eb3463a01e..c99da98047f 100644 --- a/2018/11xxx/CVE-2018-11478.json +++ b/2018/11xxx/CVE-2018-11478.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/66" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/" + }, + { + "name": "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/66" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11621.json b/2018/11xxx/CVE-2018-11621.json index f7aaa7f2d20..2402f5d2395 100644 --- a/2018/11xxx/CVE-2018-11621.json +++ b/2018/11xxx/CVE-2018-11621.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-11621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-11621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-698", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-698" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-698", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-698" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11743.json b/2018/11xxx/CVE-2018-11743.json index 9533ebe6ed7..d569636e61a 100644 --- a/2018/11xxx/CVE-2018-11743.json +++ b/2018/11xxx/CVE-2018-11743.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d", - "refsource" : "MISC", - "url" : "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d" - }, - { - "name" : "https://github.com/mruby/mruby/issues/4027", - "refsource" : "MISC", - "url" : "https://github.com/mruby/mruby/issues/4027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service 
(mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d", + "refsource": "MISC", + "url": "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d" + }, + { + "name": "https://github.com/mruby/mruby/issues/4027", + "refsource": "MISC", + "url": "https://github.com/mruby/mruby/issues/4027" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11922.json b/2018/11xxx/CVE-2018-11922.json index 3080fed8008..e269088a28c 100644 --- a/2018/11xxx/CVE-2018-11922.json +++ b/2018/11xxx/CVE-2018-11922.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11922", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14185.json b/2018/14xxx/CVE-2018-14185.json index 1f04926ec05..02d500fcc8b 100644 --- a/2018/14xxx/CVE-2018-14185.json +++ b/2018/14xxx/CVE-2018-14185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14185", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14250.json b/2018/14xxx/CVE-2018-14250.json index faf846a844a..c79868953f0 100644 --- a/2018/14xxx/CVE-2018-14250.json +++ b/2018/14xxx/CVE-2018-14250.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-710", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-710" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-710", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-710" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14973.json b/2018/14xxx/CVE-2018-14973.json index 66bf7c3b881..d3a2018b9b6 100644 --- a/2018/14xxx/CVE-2018-14973.json +++ b/2018/14xxx/CVE-2018-14973.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/QCMS/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/QCMS/blob/master/README.md" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14995.json b/2018/14xxx/CVE-2018-14995.json index 769ec07dc2a..b4b21aece68 100644 --- a/2018/14xxx/CVE-2018-14995.json +++ b/2018/14xxx/CVE-2018-14995.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. 
The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - }, - { - "name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build 
fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" + }, + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15005.json b/2018/15xxx/CVE-2018-15005.json index 6f305eddca6..83beafd55a5 100644 --- a/2018/15xxx/CVE-2018-15005.json +++ b/2018/15xxx/CVE-2018-15005.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - }, - { - "name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" - }, - { - "name" : "106361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. 
This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106361" + }, + { + "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" + }, + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15010.json b/2018/15xxx/CVE-2018-15010.json index c35d535bf6d..3a66dcf0f32 100644 --- a/2018/15xxx/CVE-2018-15010.json +++ b/2018/15xxx/CVE-2018-15010.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15010", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15010", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15477.json b/2018/15xxx/CVE-2018-15477.json index 06074cedcee..990a59727e8 100644 --- a/2018/15xxx/CVE-2018-15477.json +++ b/2018/15xxx/CVE-2018-15477.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt", - "refsource" : "MISC", - "url" : "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt", + "refsource": "MISC", + "url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15690.json b/2018/15xxx/CVE-2018-15690.json index 9b01d9a10fa..a4c945bf2e8 100644 --- a/2018/15xxx/CVE-2018-15690.json +++ b/2018/15xxx/CVE-2018-15690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15690", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15690", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8039.json b/2018/8xxx/CVE-2018-8039.json index 136e880d612..50f124692c1 100644 --- a/2018/8xxx/CVE-2018-8039.json +++ b/2018/8xxx/CVE-2018-8039.json 
@@ -1,136 +1,136 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2018-8039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache CXF", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 3.1.16" - }, - { - "version_value" : "3.2.x prior to 3.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Certificate with Host Mismatch" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2018-8039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache CXF", + "version": { + "version_data": [ + { + "version_value": "prior to 3.1.16" + }, + { + "version_value": "3.2.x prior to 3.2.5" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" - }, - { - "name" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" - }, - { - "name" : "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" - }, - { - "name" : "RHSA-2018:2276", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2276" - }, - { - "name" : "RHSA-2018:2277", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2277" - }, - { - "name" : "RHSA-2018:2279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2279" - }, - { - "name" : "RHSA-2018:2423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2423" - }, - { - "name" : "RHSA-2018:2424", - 
"refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2424" - }, - { - "name" : "RHSA-2018:2425", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2425" - }, - { - "name" : "RHSA-2018:2428", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2428" - }, - { - "name" : "RHSA-2018:2643", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2643" - }, - { - "name" : "RHSA-2018:3768", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3768" - }, - { - "name" : "RHSA-2018:3817", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3817" - }, - { - "name" : "106357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106357" - }, - { - "name" : "1041199", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Certificate with Host Mismatch" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", + "refsource": "CONFIRM", + "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" + }, + { + "name": "RHSA-2018:2428", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2428" + }, + { + "name": "RHSA-2018:3817", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3817" + }, + { + "name": "RHSA-2018:2643", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2643" + }, + { + "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" + }, + { + "name": "106357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106357" + }, + { + "name": "RHSA-2018:2279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2279" + }, + { + "name": "RHSA-2018:2424", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2424" + }, + { + "name": "RHSA-2018:2276", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2276" + }, + { + "name": "RHSA-2018:2423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2423" + }, + { + "name": "RHSA-2018:2425", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2425" + }, + { + "name": "RHSA-2018:2277", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2277" + }, + { + "name": 
"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" + }, + { + "name": "1041199", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041199" + }, + { + "name": "RHSA-2018:3768", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3768" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8320.json b/2018/8xxx/CVE-2018-8320.json index 030622269bb..cf746025353 100644 --- a/2018/8xxx/CVE-2018-8320.json +++ b/2018/8xxx/CVE-2018-8320.json 
@@ -1,184 +1,184 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 
for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka \"Windows DNS Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + 
"version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320" - }, - { - "name" : "105503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105503" - }, - { - "name" : "1041830", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka \"Windows DNS Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105503" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320" + }, + { + "name": "1041830", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041830" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8407.json b/2018/8xxx/CVE-2018-8407.json index 5af0fbb311b..b734dbd4338 100644 --- a/2018/8xxx/CVE-2018-8407.json +++ b/2018/8xxx/CVE-2018-8407.json 
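Review bot: The new side of this record ends with `\ No newline at end of file`, whereas the removed side ended with a newline after the closing `}`; the CVE-2018-8407 and CVE-2018-8421 hunks that follow do the same. Restoring the terminating newline keeps the files friendly to line-oriented tools and avoids a spurious last-line change on the next sync. The hunk also rewrites `"ASSIGNER"` from `Secure@Microsoft.com` to `secure@microsoft.com` and reorders `reference_data` (BID now precedes CONFIRM here, and the other two records each use a different order). Any consumer that matches the assigner by exact string or reads references by position should therefore compare case-insensitively and treat the array as unordered. If the order carries no meaning, emitting `reference_data` sorted by `refsource` then `name` would make later syncs diff cleanly.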
@@ -1,241 +1,241 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - 
"version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when \"Kernel Remote Procedure Call Provider\" driver improperly initializes objects in memory, aka \"MSRPC Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, 
Windows Server 2008 R2, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": 
"Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407" - }, - { - "name" : "105794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105794" - }, - { - "name" : "1042123", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when \"Kernel Remote Procedure Call Provider\" driver improperly initializes objects in memory, aka \"MSRPC Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042123", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042123" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407" + }, + { + "name": "105794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105794" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8421.json b/2018/8xxx/CVE-2018-8421.json index f7ab8505cf4..a4cd91a10bb 100644 --- a/2018/8xxx/CVE-2018-8421.json +++ b/2018/8xxx/CVE-2018-8421.json 
@@ -1,276 +1,276 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft .NET Framework", - "version" : { - "version_data" : [ - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "3.5 on Windows 10 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "3.5 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "3.5 on Windows Server 2012" - }, - { - "version_value" : 
"3.5 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2" - }, - { - "version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server 2016" - }, - { - "version_value" : "3.5 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.5.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.5.2 on Windows RT 8.1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.5.2 on Windows Server 2012" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" - }, - { - 
"version_value" : "4.5.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" - }, - { - "version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" - }, - { - "version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" - }, - { - "version_value" : 
"4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka \".NET Framework Remote Code Execution Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework", + "version": { + "version_data": [ + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "3.5 on Windows 10 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "3.5 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "3.5 on Windows 8.1 for x64-based 
systems" + }, + { + "version_value": "3.5 on Windows Server 2012" + }, + { + "version_value": "3.5 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2012 R2" + }, + { + "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server 2016" + }, + { + "version_value": "3.5 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.5.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.5.2 on Windows RT 8.1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012" + }, + { + "version_value": "4.5.2 on 
Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" + }, + { + "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" + }, + { + "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" 
+ }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421" - }, - { - "name" : "105222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105222" - }, - { - "name" : "1041636", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka \".NET Framework Remote Code Execution Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 
4.7.2, Microsoft .NET Framework 2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421" + }, + { + "name": "1041636", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041636" + }, + { + "name": "105222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105222" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8522.json b/2018/8xxx/CVE-2018-8522.json index 037159f4374..b9da0118193 100644 --- a/2018/8xxx/CVE-2018-8522.json +++ b/2018/8xxx/CVE-2018-8522.json 
@@ -1,116 +1,116 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - }, - { - "product_name" : "Microsoft Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522" - }, - { - "name" : "105820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105820" - }, - { - "name" : "1042110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution 
vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042110" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522" + }, + { + "name": "105820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105820" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8960.json b/2018/8xxx/CVE-2018-8960.json index 29f9a697479..92612f54372 100644 --- a/2018/8xxx/CVE-2018-8960.json +++ b/2018/8xxx/CVE-2018-8960.json 
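Review bot: The new side of CVE-2018-8522.json ends with `}` followed by a `\ No newline at end of file` marker, while the removed `}` line carries none, so the rewrite drops the file's trailing newline; the record should end with a newline after the closing `}`. The CVE-2018-8960.json hunk and the tail of the CVE-2018-8421.json hunk show the same marker. Separately, this hunk is not whitespace-only: `"ASSIGNER": "secure@microsoft.com"` replaces `Secure@Microsoft.com`, and `reference_data` now lists SECTRACK before CONFIRM and BID. Tooling that ingests these records should therefore compare the assigner case-insensitively and should not depend on reference order.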
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1020", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1020" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "103523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1020", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1020" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "103523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103523" + } + ] + } +} \ No newline at end of file