From 5358181f3bf9d43cd84fb3fa2514cd107f8cef13 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:45:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0990.json | 150 ++++----- 2002/2xxx/CVE-2002-2030.json | 140 ++++----- 2002/2xxx/CVE-2002-2157.json | 34 +- 2005/0xxx/CVE-2005-0002.json | 140 ++++----- 2005/0xxx/CVE-2005-0575.json | 160 +++++----- 2005/0xxx/CVE-2005-0695.json | 140 ++++----- 2005/0xxx/CVE-2005-0749.json | 240 +++++++------- 2005/0xxx/CVE-2005-0767.json | 150 ++++----- 2005/0xxx/CVE-2005-0903.json | 130 ++++---- 2005/1xxx/CVE-2005-1120.json | 180 +++++------ 2005/1xxx/CVE-2005-1438.json | 140 ++++----- 2005/1xxx/CVE-2005-1514.json | 140 ++++----- 2005/1xxx/CVE-2005-1698.json | 120 +++---- 2005/1xxx/CVE-2005-1713.json | 150 ++++----- 2005/4xxx/CVE-2005-4375.json | 160 +++++----- 2009/0xxx/CVE-2009-0033.json | 550 ++++++++++++++++----------------- 2009/0xxx/CVE-2009-0187.json | 180 +++++------ 2009/0xxx/CVE-2009-0907.json | 34 +- 2009/0xxx/CVE-2009-0958.json | 180 +++++------ 2009/0xxx/CVE-2009-0999.json | 170 +++++----- 2009/1xxx/CVE-2009-1680.json | 170 +++++----- 2009/1xxx/CVE-2009-1845.json | 150 ++++----- 2009/1xxx/CVE-2009-1912.json | 200 ++++++------ 2009/4xxx/CVE-2009-4426.json | 170 +++++----- 2009/4xxx/CVE-2009-4468.json | 140 ++++----- 2009/4xxx/CVE-2009-4903.json | 140 ++++----- 2012/2xxx/CVE-2012-2009.json | 160 +++++----- 2012/2xxx/CVE-2012-2133.json | 200 ++++++------ 2012/2xxx/CVE-2012-2145.json | 210 ++++++------- 2012/2xxx/CVE-2012-2944.json | 220 ++++++------- 2012/3xxx/CVE-2012-3008.json | 160 +++++----- 2012/3xxx/CVE-2012-3077.json | 34 +- 2012/3xxx/CVE-2012-3228.json | 150 ++++----- 2012/3xxx/CVE-2012-3806.json | 34 +- 2012/3xxx/CVE-2012-3968.json | 230 +++++++------- 2012/6xxx/CVE-2012-6527.json | 160 +++++----- 2012/6xxx/CVE-2012-6700.json | 160 +++++----- 2015/1xxx/CVE-2015-1416.json | 180 +++++------ 2015/5xxx/CVE-2015-5119.json | 270 ++++++++-------- 2015/5xxx/CVE-2015-5516.json | 140 ++++----- 2015/5xxx/CVE-2015-5650.json | 130 ++++---- 2015/5xxx/CVE-2015-5819.json | 190 ++++++------ 2015/5xxx/CVE-2015-5999.json | 170 +++++----- 2017/2xxx/CVE-2017-2544.json | 160 +++++----- 2018/11xxx/CVE-2018-11045.json | 152 ++++----- 2018/11xxx/CVE-2018-11314.json | 130 ++++---- 2018/11xxx/CVE-2018-11821.json | 120 +++---- 2018/14xxx/CVE-2018-14279.json | 130 ++++---- 2018/15xxx/CVE-2018-15154.json | 150 ++++----- 2018/15xxx/CVE-2018-15759.json | 176 +++++------ 2018/15xxx/CVE-2018-15853.json | 160 +++++----- 2018/15xxx/CVE-2018-15860.json | 34 +- 2018/3xxx/CVE-2018-3762.json | 130 ++++---- 2018/3xxx/CVE-2018-3909.json | 122 ++++---- 2018/8xxx/CVE-2018-8209.json | 222 ++++++------- 2018/8xxx/CVE-2018-8380.json | 166 +++++----- 2018/8xxx/CVE-2018-8404.json | 364 +++++++++++----------- 2018/8xxx/CVE-2018-8661.json | 34 +- 2018/8xxx/CVE-2018-8870.json | 122 ++++---- 59 files changed, 4714 insertions(+), 4714 deletions(-) diff --git a/2002/0xxx/CVE-2002-0990.json b/2002/0xxx/CVE-2002-0990.json index 0f932b61a96..016aba05c98 100644 --- a/2002/0xxx/CVE-2002-0990.json +++ b/2002/0xxx/CVE-2002-0990.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021014 Multiple Symantec Firewall Secure Webserver timeout DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103463869503124&w=2" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html" - }, - { - "name" : "5958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5958" - }, - { - "name" : "simple-webserver-url-dos(10364)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10364.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "simple-webserver-url-dos(10364)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10364.php" + }, + { + "name": "20021014 Multiple Symantec Firewall Secure Webserver timeout DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103463869503124&w=2" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html" + }, + { + "name": "5958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5958" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2030.json b/2002/2xxx/CVE-2002-2030.json index fd9ade05341..e613b5f7a1f 100644 --- a/2002/2xxx/CVE-2002-2030.json +++ b/2002/2xxx/CVE-2002-2030.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows remote attacker to execute arbitrary code and cause a denial of service via a long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3778" - }, - { - "name" : "1003123", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003123" - }, - { - "name" : "sqldata-enterprise-bo(7821)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7821.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows remote attacker to execute arbitrary code and cause a denial of service via a long HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3778" + }, + { + "name": "sqldata-enterprise-bo(7821)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7821.php" + }, + { + "name": "1003123", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003123" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2157.json b/2002/2xxx/CVE-2002-2157.json index b358e582da1..2139bfa64e3 100644 --- a/2002/2xxx/CVE-2002-2157.json +++ b/2002/2xxx/CVE-2002-2157.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2157", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1660. Reason: This candidate is a duplicate of CVE-2002-1660. Notes: All CVE users should reference CVE-2002-1660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-2157", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1660. Reason: This candidate is a duplicate of CVE-2002-1660. Notes: All CVE users should reference CVE-2002-1660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0002.json b/2005/0xxx/CVE-2005-0002.json index 6ebcb949eb1..07acae654a8 100644 --- a/2005/0xxx/CVE-2005-0002.json +++ b/2005/0xxx/CVE-2005-0002.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200501-22", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200501-22.xml" - }, - { - "name" : "1012840", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012840" - }, - { - "name" : "13865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13865" + }, + { + "name": "GLSA-200501-22", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200501-22.xml" + }, + { + "name": "1012840", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012840" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0575.json b/2005/0xxx/CVE-2005-0575.json index 92609399c3e..c255f5dbd8c 100644 --- a/2005/0xxx/CVE-2005-0575.json +++ b/2005/0xxx/CVE-2005-0575.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050225 Knet <= 1.04c Buffer Overflow Bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110943766505666&w=2" - }, - { - "name" : "24897", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24897" - }, - { - "name" : "24950", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24950" - }, - { - "name" : "12671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12671" - }, - { - "name" : "14400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24897", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24897" + }, + { + "name": "24950", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24950" + }, + { + "name": "12671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12671" + }, + { + "name": "14400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14400" + }, + { + "name": "20050225 Knet <= 1.04c Buffer Overflow Bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110943766505666&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0695.json b/2005/0xxx/CVE-2005-0695.json index 5382d4119e9..b029bc460c7 100644 --- a/2005/0xxx/CVE-2005-0695.json +++ b/2005/0xxx/CVE-2005-0695.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the \"login ID\" field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050307 Hosting Controller Multiple Unauthenticated information disclose", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111026083314947&w=2" - }, - { - "name" : "http://isun.shabgard.org/hc2.txt", - "refsource" : "MISC", - "url" : "http://isun.shabgard.org/hc2.txt" - }, - { - "name" : "14522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the \"login ID\" field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050307 Hosting Controller Multiple Unauthenticated information disclose", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111026083314947&w=2" + }, + { + "name": "http://isun.shabgard.org/hc2.txt", + "refsource": "MISC", + "url": "http://isun.shabgard.org/hc2.txt" + }, + { + "name": "14522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14522" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0749.json b/2005/0xxx/CVE-2005-0749.json index a29e86d3646..12c36e159db 100644 --- a/2005/0xxx/CVE-2005-0749.json +++ b/2005/0xxx/CVE-2005-0749.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FLSA:152532", - "refsource" : "FEDORA", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532" - }, - { - "name" : "RHSA-2005:293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-293.html" - }, - { - "name" : "RHSA-2005:366", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" - }, - { - "name" : "RHSA-2005:529", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-529.html" - }, - { - "name" : "RHSA-2005:551", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-551.html" - }, - { - "name" : "20060402-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" - }, - { - "name" : "USN-103-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/103-1/" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6" - }, - { - "name" : "12935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12935" - }, - { - "name" : "oval:org.mitre.oval:def:10640", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10640" - }, - { - "name" : "14713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14713/" - }, - { - "name" : "19607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19607" - }, - { - "name" : "kernel-loadelflibrary-dos(19867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12935" + }, + { + "name": "oval:org.mitre.oval:def:10640", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10640" + }, + { + "name": "RHSA-2005:366", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html" + }, + { + "name": "kernel-loadelflibrary-dos(19867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19867" + }, + { + "name": "14713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14713/" + }, + { + "name": "19607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19607" + }, + { + "name": "USN-103-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/103-1/" + }, + { + "name": "RHSA-2005:551", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-551.html" + }, + { + "name": "FLSA:152532", + "refsource": "FEDORA", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532" + }, + { + "name": "20060402-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" + }, + { + "name": "RHSA-2005:293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-293.html" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6" + }, + { + "name": "RHSA-2005:529", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-529.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0767.json b/2005/0xxx/CVE-2005-0767.json index ce314f20a81..a2d81c3823d 100644 --- a/2005/0xxx/CVE-2005-0767.json +++ b/2005/0xxx/CVE-2005-0767.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2005:945", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945" - }, - { - "name" : "RHSA-2005:366", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" - }, - { - "name" : "USN-95-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/95-1/" - }, - { - "name" : "oval:org.mitre.oval:def:10431", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:366", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html" + }, + { + "name": "oval:org.mitre.oval:def:10431", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10431" + }, + { + "name": "USN-95-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/95-1/" + }, + { + "name": "CLA-2005:945", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0903.json b/2005/0xxx/CVE-2005-0903.json index a3bec1928ba..6a4711d12b1 100644 --- a/2005/0xxx/CVE-2005-0903.json +++ b/2005/0xxx/CVE-2005-0903.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050326 QuickTime malformed JPEG buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111186277521713&w=2" - }, - { - "name" : "12905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12905" + }, + { + "name": "20050326 QuickTime malformed JPEG buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111186277521713&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1120.json b/2005/1xxx/CVE-2005-1120.json index 10bc56a701a..61106c72ff5 100644 --- a/2005/1xxx/CVE-2005-1120.json +++ b/2005/1xxx/CVE-2005-1120.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1010", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1010" - }, - { - "name" : "13175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13175" - }, - { - "name" : "15506", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15506" - }, - { - "name" : "1013701", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013701" - }, - { - "name" : "14957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14957" - }, - { - "name" : "19266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19266" - }, - { - "name" : "ilohamail-mail-attached-file-xss(20095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14957" + }, + { + "name": "13175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13175" + }, + { + "name": "1013701", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013701" + }, + { + "name": "19266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19266" + }, + { + "name": "ilohamail-mail-attached-file-xss(20095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20095" + }, + { + "name": "15506", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15506" + }, + { + "name": "DSA-1010", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1010" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1438.json b/2005/1xxx/CVE-2005-1438.json index c04c3ab99b1..7d907437bda 100644 --- a/2005/1xxx/CVE-2005-1438.json +++ b/2005/1xxx/CVE-2005-1438.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00071-05022005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00071-05022005" - }, - { - "name" : "16278", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16278" - }, - { - "name" : "15216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16278", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16278" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00071-05022005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00071-05022005" + }, + { + "name": "15216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15216" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1514.json b/2005/1xxx/CVE-2005-1514.json index e60e34c525c..334177f6c90 100644 --- a/2005/1xxx/CVE-2005-1514.json +++ b/2005/1xxx/CVE-2005-1514.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050506 64 bit qmail fun", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0101.html" - }, - { - "name" : "http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html" - }, - { - "name" : "1013911", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050506 64 bit qmail fun", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0101.html" + }, + { + "name": "http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html", + "refsource": "MISC", + "url": "http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html" + }, + { + "name": "1013911", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013911" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1698.json b/2005/1xxx/CVE-2005-1698.json index ad76b2838c6..8a24249a900 100644 --- a/2005/1xxx/CVE-2005-1698.json +++ b/2005/1xxx/CVE-2005-1698.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111670506926649&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050521 [SECURITYREASON.COM] PostNuke XSS and Full path disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111670506926649&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1713.json b/2005/1xxx/CVE-2005-1713.json index de5adc4f1db..11137c9483a 100644 --- a/2005/1xxx/CVE-2005-1713.json +++ b/2005/1xxx/CVE-2005-1713.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=328092", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=328092" - }, - { - "name" : "16660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16660" - }, - { - "name" : "16661", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16661" - }, - { - "name" : "15405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=328092", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=328092" + }, + { + "name": "15405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15405" + }, + { + "name": "16661", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16661" + }, + { + "name": "16660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16660" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4375.json b/2005/4xxx/CVE-2005-4375.json index 70db8cddaca..293568f77c6 100644 --- a/2005/4xxx/CVE-2005-4375.json +++ b/2005/4xxx/CVE-2005-4375.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/amaxus-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/amaxus-vuln.html" - }, - { - "name" : "15936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15936" - }, - { - "name" : "ADV-2005-2972", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2972" - }, - { - "name" : "21821", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21821" - }, - { - "name" : "18004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18004" + }, + { + "name": "15936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15936" + }, + { + "name": "21821", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21821" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/amaxus-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/amaxus-vuln.html" + }, + { + "name": "ADV-2005-2972", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2972" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0033.json b/2009/0xxx/CVE-2009-0033.json index 0ae1aedfe6f..b95f011e0f6 100644 --- a/2009/0xxx/CVE-2009-0033.json +++ b/2009/0xxx/CVE-2009-0033.json @@ -1,277 +1,277 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504044/100/0/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://svn.apache.org/viewvc?rev=742915&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?rev=742915&view=rev" - }, - { - "name" : "http://svn.apache.org/viewvc?rev=781362&view=rev", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?rev=781362&view=rev" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "DSA-2207", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2207" - }, - { - "name" : "FEDORA-2009-11352", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" - }, - { - "name" : "FEDORA-2009-11356", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" - }, - { - "name" : "FEDORA-2009-11374", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" - }, - { - "name" : "HPSBUX02579", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2" - }, - { - "name" : "SSRT100203", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2" - }, - { - "name" : "HPSBUX02860", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "SSRT101146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" - }, - { - "name" : "HPSBMA02535", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" - }, - { - "name" : "HPSBOV02762", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "SSRT100029", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" - }, - { - "name" : "SSRT100825", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" - }, - { - "name" : "MDVSA-2009:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" - }, - { - "name" : "MDVSA-2009:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" - }, - { - "name" : "MDVSA-2010:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" - }, - { - "name" : "263529", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "JVN#87272440", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN87272440/index.html" - }, - { - "name" : "35193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35193" - }, - { - "name" : "oval:org.mitre.oval:def:10231", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231" - }, - { - "name" : "oval:org.mitre.oval:def:5739", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739" - }, - { - "name" : "oval:org.mitre.oval:def:19110", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110" - }, - { - "name" : "1022331", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022331" - }, - { - "name" : "35326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35326" - }, - { - "name" : "35344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35344" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "35788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35788" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "42368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42368" - }, - { - "name" : "ADV-2009-1496", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1496" - }, - { - "name" : "ADV-2009-1856", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1856" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "ADV-2010-3056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3056" - }, - { - "name" : "tomcat-ajp-dos(50928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "HPSBMA02535", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" + }, + { + "name": "35326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35326" + }, + { + "name": "MDVSA-2009:138", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" + }, + { + "name": "FEDORA-2009-11356", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" + }, + { + "name": "DSA-2207", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2207" + }, + { + "name": "35344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35344" + }, + { + "name": "HPSBUX02860", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "ADV-2010-3056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3056" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "35788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35788" + }, + { + "name": "SSRT100029", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "JVN#87272440", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN87272440/index.html" + }, + { + "name": "ADV-2009-1496", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1496" + }, + { + "name": "HPSBOV02762", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "1022331", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022331" + }, + { + "name": "ADV-2009-1856", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1856" + }, + { + "name": "oval:org.mitre.oval:def:10231", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231" + }, + { + "name": "35193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35193" + }, + { + "name": "MDVSA-2010:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "42368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42368" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504044/100/0/threaded" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "http://svn.apache.org/viewvc?rev=742915&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?rev=742915&view=rev" + }, + { + "name": "FEDORA-2009-11374", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" + }, + { + "name": "http://svn.apache.org/viewvc?rev=781362&view=rev", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?rev=781362&view=rev" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "SSRT100825", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" + }, + { + "name": "FEDORA-2009-11352", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "oval:org.mitre.oval:def:19110", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "HPSBUX02579", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" + }, + { + "name": "SSRT101146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2" + }, + { + "name": "MDVSA-2009:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" + }, + { + "name": "263529", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" + }, + { + "name": "SSRT100203", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2" + }, + { + "name": "tomcat-ajp-dos(50928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50928" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "oval:org.mitre.oval:def:5739", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0187.json b/2009/0xxx/CVE-2009-0187.json index b5731bed8d4..54c325d67a6 100644 --- a/2009/0xxx/CVE-2009-0187.json +++ b/2009/0xxx/CVE-2009-0187.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a \"Connecting\" log message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-0187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090225 Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501220/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-9/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-9/" - }, - { - "name" : "33894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33894" - }, - { - "name" : "52294", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52294" - }, - { - "name" : "33843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33843" - }, - { - "name" : "ADV-2009-0521", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0521" - }, - { - "name" : "orbitdownloader-connecting-bo(48932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a \"Connecting\" log message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0521", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0521" + }, + { + "name": "33894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33894" + }, + { + "name": "http://secunia.com/secunia_research/2009-9/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-9/" + }, + { + "name": "orbitdownloader-connecting-bo(48932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48932" + }, + { + "name": "52294", + "refsource": "OSVDB", + "url": "http://osvdb.org/52294" + }, + { + "name": "20090225 Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501220/100/0/threaded" + }, + { + "name": "33843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33843" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0907.json b/2009/0xxx/CVE-2009-0907.json index 019f16d1e56..d803aa1b315 100644 --- a/2009/0xxx/CVE-2009-0907.json +++ b/2009/0xxx/CVE-2009-0907.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0907", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1899. Reason: This candidate is a duplicate of CVE-2009-1899. Notes: All CVE users should reference CVE-2009-1899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-0907", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1899. Reason: This candidate is a duplicate of CVE-2009-1899. Notes: All CVE users should reference CVE-2009-1899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0958.json b/2009/0xxx/CVE-2009-0958.json index 15ed977f479..c81a6a9267b 100644 --- a/2009/0xxx/CVE-2009-0958.json +++ b/2009/0xxx/CVE-2009-0958.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "35414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35414" - }, - { - "name" : "35447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35447" - }, - { - "name" : "55236", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55236" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "iphone-ipod-certificate-info-disclosure(51208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "iphone-ipod-certificate-info-disclosure(51208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51208" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "35447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35447" + }, + { + "name": "35414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35414" + }, + { + "name": "55236", + "refsource": "OSVDB", + "url": "http://osvdb.org/55236" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0999.json b/2009/0xxx/CVE-2009-0999.json index 5d2228c41f8..bdb2850ab69 100644 --- a/2009/0xxx/CVE-2009-0999.json +++ b/2009/0xxx/CVE-2009-0999.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53753", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53753" - }, - { - "name" : "1022056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022056" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "53753", + "refsource": "OSVDB", + "url": "http://osvdb.org/53753" + }, + { + "name": "1022056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022056" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1680.json b/2009/1xxx/CVE-2009-1680.json index 87095d07758..e6c4adb911a 100644 --- a/2009/1xxx/CVE-2009-1680.json +++ b/2009/1xxx/CVE-2009-1680.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "35414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35414" - }, - { - "name" : "35448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35448" - }, - { - "name" : "55240", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55240" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "35414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35414" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "35448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35448" + }, + { + "name": "55240", + "refsource": "OSVDB", + "url": "http://osvdb.org/55240" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1845.json b/2009/1xxx/CVE-2009-1845.json index 9da32fe1d17..cbc925581fc 100644 --- a/2009/1xxx/CVE-2009-1845.json +++ b/2009/1xxx/CVE-2009-1845.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090527 Vanilla v.1.1.7 Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503847/100/0/threaded" - }, - { - "name" : "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html" - }, - { - "name" : "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0", - "refsource" : "CONFIRM", - "url" : "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0" - }, - { - "name" : "35234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35234" + }, + { + "name": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0", + "refsource": "CONFIRM", + "url": "http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0" + }, + { + "name": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html", + "refsource": "MISC", + "url": "http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html" + }, + { + "name": "20090527 Vanilla v.1.1.7 Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503847/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1912.json b/2009/1xxx/CVE-2009-1912.json index 008ce8b42b4..69352bb38f8 100644 --- a/2009/1xxx/CVE-2009-1912.json +++ b/2009/1xxx/CVE-2009-1912.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8622", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8622" - }, - { - "name" : "http://www.webspell.org/", - "refsource" : "CONFIRM", - "url" : "http://www.webspell.org/" - }, - { - "name" : "http://www.webspell.org/index.php?site=files&file=30", - "refsource" : "CONFIRM", - "url" : "http://www.webspell.org/index.php?site=files&file=30" - }, - { - "name" : "http://www.webspell.org/index.php?site=news_comments&newsID=130", - "refsource" : "CONFIRM", - "url" : "http://www.webspell.org/index.php?site=news_comments&newsID=130" - }, - { - "name" : "34862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34862" - }, - { - "name" : "54295", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54295" - }, - { - "name" : "54296", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/54296" - }, - { - "name" : "35016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35016" - }, - { - "name" : "webspell-awards-sql-injection(50395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webspell.org/index.php?site=news_comments&newsID=130", + "refsource": "CONFIRM", + "url": "http://www.webspell.org/index.php?site=news_comments&newsID=130" + }, + { + "name": "webspell-awards-sql-injection(50395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50395" + }, + { + "name": "34862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34862" + }, + { + "name": "http://www.webspell.org/index.php?site=files&file=30", + "refsource": "CONFIRM", + "url": "http://www.webspell.org/index.php?site=files&file=30" + }, + { + "name": "54295", + "refsource": "OSVDB", + "url": "http://osvdb.org/54295" + }, + { + "name": "35016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35016" + }, + { + "name": "54296", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/54296" + }, + { + "name": "http://www.webspell.org/", + "refsource": "CONFIRM", + "url": "http://www.webspell.org/" + }, + { + "name": "8622", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8622" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4426.json b/2009/4xxx/CVE-2009-4426.json index 59acc574bb0..51dec31e903 100644 --- a/2009/4xxx/CVE-2009-4426.json +++ b/2009/4xxx/CVE-2009-4426.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/ignition-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/ignition-lfi.txt" - }, - { - "name" : "10569", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10569" - }, - { - "name" : "61225", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61225" - }, - { - "name" : "61226", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61226" - }, - { - "name" : "37836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37836" - }, - { - "name" : "ignition-blog-file-include(54940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0912-exploits/ignition-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/ignition-lfi.txt" + }, + { + "name": "61226", + "refsource": "OSVDB", + "url": "http://osvdb.org/61226" + }, + { + "name": "ignition-blog-file-include(54940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54940" + }, + { + "name": "61225", + "refsource": "OSVDB", + "url": "http://osvdb.org/61225" + }, + { + "name": "10569", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10569" + }, + { + "name": "37836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37836" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4468.json b/2009/4xxx/CVE-2009-4468.json index 6b95ff33ad3..68b1308c255 100644 --- a/2009/4xxx/CVE-2009-4468.json +++ b/2009/4xxx/CVE-2009-4468.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10598", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10598" - }, - { - "name" : "37448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37448" - }, - { - "name" : "deluxebb-page-xss(54976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37448" + }, + { + "name": "10598", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10598" + }, + { + "name": "deluxebb-page-xss(54976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54976" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4903.json b/2009/4xxx/CVE-2009-4903.json index 8cc4dbfae91..ba2e3a63caa 100644 --- a/2009/4xxx/CVE-2009-4903.json +++ b/2009/4xxx/CVE-2009-4903.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "60905", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60905" - }, - { - "name" : "37661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37661" - }, - { - "name" : "oblog-index-xss(54712)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37661" + }, + { + "name": "oblog-index-xss(54712)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54712" + }, + { + "name": "60905", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60905" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2009.json b/2012/2xxx/CVE-2012-2009.json index dad3d0659e6..fee8b33659f 100644 --- a/2012/2xxx/CVE-2012-2009.json +++ b/2012/2xxx/CVE-2012-2009.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-2009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02775", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03312417" - }, - { - "name" : "SSRT100853", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03312417" - }, - { - "name" : "53415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53415" - }, - { - "name" : "1027031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027031" - }, - { - "name" : "49079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49079" + }, + { + "name": "HPSBMU02775", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03312417" + }, + { + "name": "1027031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027031" + }, + { + "name": "53415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53415" + }, + { + "name": "SSRT100853", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03312417" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2133.json b/2012/2xxx/CVE-2012-2133.json index 1bd6db7bb88..6aebc0d8ca0 100644 --- a/2012/2xxx/CVE-2012-2133.json +++ b/2012/2xxx/CVE-2012-2133.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120424 Re: CVE Request: use after free bug in \"quota\" handling in hugetlb code", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/24/12" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=817430", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=817430" - }, - { - "name" : "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029" - }, - { - "name" : "DSA-2469", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2469" - }, - { - "name" : "SUSE-SU-2012:0616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html" - }, - { - "name" : "53233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53233" - }, - { - "name" : "linux-kernel-hugepages-dos(75168)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029" + }, + { + "name": "DSA-2469", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2469" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=817430", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=817430" + }, + { + "name": "SUSE-SU-2012:0616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html" + }, + { + "name": "[oss-security] 20120424 Re: CVE Request: use after free bug in \"quota\" handling in hugetlb code", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/24/12" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6" + }, + { + "name": "53233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53233" + }, + { + "name": "linux-kernel-hugepages-dos(75168)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75168" + }, + { + "name": "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2145.json b/2012/2xxx/CVE-2012-2145.json index 1decb5f6826..bbb56458d90 100644 --- a/2012/2xxx/CVE-2012-2145.json +++ b/2012/2xxx/CVE-2012-2145.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=817175", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=817175" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-2616", - "refsource" : "MISC", - "url" : "https://issues.apache.org/jira/browse/QPID-2616" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-4021", - "refsource" : "MISC", - "url" : "https://issues.apache.org/jira/browse/QPID-4021" - }, - { - "name" : "RHSA-2012:1269", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1269.html" - }, - { - "name" : "RHSA-2012:1277", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1277.html" - }, - { - "name" : "55608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55608" - }, - { - "name" : "50573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50573" - }, - { - "name" : "50698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50698" - }, - { - "name" : "50699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50699" - }, - { - "name" : "apache-qpid-broker-dos(78730)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/QPID-4021", + "refsource": "MISC", + "url": "https://issues.apache.org/jira/browse/QPID-4021" + }, + { + "name": "RHSA-2012:1277", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1277.html" + }, + { + "name": "RHSA-2012:1269", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1269.html" + }, + { + "name": "50699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50699" + }, + { + "name": "50698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50698" + }, + { + "name": "apache-qpid-broker-dos(78730)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78730" + }, + { + "name": "55608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55608" + }, + { + "name": "50573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50573" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=817175", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=817175" + }, + { + "name": "https://issues.apache.org/jira/browse/QPID-2616", + "refsource": "MISC", + "url": "https://issues.apache.org/jira/browse/QPID-2616" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2944.json b/2012/2xxx/CVE-2012-2944.json index 79deaf435d2..68faab9a642 100644 --- a/2012/2xxx/CVE-2012-2944.json +++ b/2012/2xxx/CVE-2012-2944.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://alioth.debian.org/tracker/?func=detail&aid=313636", - "refsource" : "CONFIRM", - "url" : "http://alioth.debian.org/tracker/?func=detail&aid=313636" - }, - { - "name" : "http://networkupstools.org/docs/user-manual.chunked/apis01.html", - "refsource" : "CONFIRM", - "url" : "http://networkupstools.org/docs/user-manual.chunked/apis01.html" - }, - { - "name" : "http://trac.networkupstools.org/projects/nut/changeset/3633", - "refsource" : "CONFIRM", - "url" : "http://trac.networkupstools.org/projects/nut/changeset/3633" - }, - { - "name" : "DSA-2484", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2484" - }, - { - "name" : "MDVSA-2012:087", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:087" - }, - { - "name" : "openSUSE-SU-2012:1069", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514634" - }, - { - "name" : "53743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53743" - }, - { - "name" : "82409", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82409" - }, - { - "name" : "49348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49348" - }, - { - "name" : "50389", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50389" - }, - { - "name" : "networkupstools-addchar-bo(75980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "networkupstools-addchar-bo(75980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75980" + }, + { + "name": "DSA-2484", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2484" + }, + { + "name": "http://alioth.debian.org/tracker/?func=detail&aid=313636", + "refsource": "CONFIRM", + "url": "http://alioth.debian.org/tracker/?func=detail&aid=313636" + }, + { + "name": "MDVSA-2012:087", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:087" + }, + { + "name": "50389", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50389" + }, + { + "name": "http://trac.networkupstools.org/projects/nut/changeset/3633", + "refsource": "CONFIRM", + "url": "http://trac.networkupstools.org/projects/nut/changeset/3633" + }, + { + "name": "openSUSE-SU-2012:1069", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15514634" + }, + { + "name": "49348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49348" + }, + { + "name": "http://networkupstools.org/docs/user-manual.chunked/apis01.html", + "refsource": "CONFIRM", + "url": "http://networkupstools.org/docs/user-manual.chunked/apis01.html" + }, + { + "name": "53743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53743" + }, + { + "name": "82409", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82409" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3008.json b/2012/3xxx/CVE-2012-3008.json index e65f3a060dc..ac24fbe8ec4 100644 --- a/2012/3xxx/CVE-2012-3008.json +++ b/2012/3xxx/CVE-2012-3008.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-3008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-201-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-201-01.pdf" - }, - { - "name" : "54609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54609" - }, - { - "name" : "84091", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84091" - }, - { - "name" : "49986", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49986" - }, - { - "name" : "osisoft-piopcda-opc-bo(77131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "osisoft-piopcda-opc-bo(77131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77131" + }, + { + "name": "84091", + "refsource": "OSVDB", + "url": "http://osvdb.org/84091" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-201-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-201-01.pdf" + }, + { + "name": "49986", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49986" + }, + { + "name": "54609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54609" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3077.json b/2012/3xxx/CVE-2012-3077.json index 8e9144cfa26..1c31f74c13d 100644 --- a/2012/3xxx/CVE-2012-3077.json +++ b/2012/3xxx/CVE-2012-3077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3077", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3077", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3228.json b/2012/3xxx/CVE-2012-3228.json index 794ace9b809..b4df297f8ec 100644 --- a/2012/3xxx/CVE-2012-3228.json +++ b/2012/3xxx/CVE-2012-3228.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "51019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51019" - }, - { - "name" : "flexcubedirectbanking-base-cve20123228(79357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "flexcubedirectbanking-base-cve20123228(79357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79357" + }, + { + "name": "51019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51019" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3806.json b/2012/3xxx/CVE-2012-3806.json index c289a06a311..902e2da9c43 100644 --- a/2012/3xxx/CVE-2012-3806.json +++ b/2012/3xxx/CVE-2012-3806.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3806", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3806", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3968.json b/2012/3xxx/CVE-2012-3968.json index 3197939a149..355e112060c 100644 --- a/2012/3xxx/CVE-2012-3968.json +++ b/2012/3xxx/CVE-2012-3968.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775852", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775852" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "RHSA-2012:1211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html" - }, - { - "name" : "RHSA-2012:1210", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "55276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55276" - }, - { - "name" : "oval:org.mitre.oval:def:16280", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775852", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775852" + }, + { + "name": "RHSA-2012:1211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" + }, + { + "name": "oval:org.mitre.oval:def:16280", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16280" + }, + { + "name": "55276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55276" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "RHSA-2012:1210", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6527.json b/2012/6xxx/CVE-2012-6527.json index 64e5693cc4b..e8d6704d8b0 100644 --- a/2012/6xxx/CVE-2012-6527.json +++ b/2012/6xxx/CVE-2012-6527.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset/490070/my-calendar", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/490070/my-calendar" - }, - { - "name" : "http://wordpress.org/extend/plugins/my-calendar/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/my-calendar/changelog/" - }, - { - "name" : "51539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51539" - }, - { - "name" : "47579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47579" - }, - { - "name" : "mycalendar-unspecified-xss(72454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/extend/plugins/my-calendar/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/my-calendar/changelog/" + }, + { + "name": "mycalendar-unspecified-xss(72454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72454" + }, + { + "name": "51539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51539" + }, + { + "name": "47579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47579" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset/490070/my-calendar", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/490070/my-calendar" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6700.json b/2012/6xxx/CVE-2012-6700.json index 96f46dbee43..19fe2010b5a 100644 --- a/2012/6xxx/CVE-2012-6700.json +++ b/2012/6xxx/CVE-2012-6700.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/02/1" - }, - { - "name" : "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/03/1" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226" - }, - { - "name" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch", - "refsource" : "CONFIRM", - "url" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch" - }, - { - "name" : "DSA-3534", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226" + }, + { + "name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/02/1" + }, + { + "name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch", + "refsource": "CONFIRM", + "url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch" + }, + { + "name": "DSA-3534", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3534" + }, + { + "name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/03/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1416.json b/2015/1xxx/CVE-2015-1416.json index ea19152dd14..36a0f78efbb 100644 --- a/2015/1xxx/CVE-2015-1416.json +++ b/2015/1xxx/CVE-2015-1416.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/30/9" - }, - { - "name" : "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/01/4" - }, - { - "name" : "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/02/1" - }, - { - "name" : "[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/02/6" - }, - { - "name" : "FreeBSD-SA-15:14", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc" - }, - { - "name" : "76116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76116" - }, - { - "name" : "1033110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/02/1" + }, + { + "name": "[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/30/9" + }, + { + "name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/01/4" + }, + { + "name": "FreeBSD-SA-15:14", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc" + }, + { + "name": "1033110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033110" + }, + { + "name": "76116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76116" + }, + { + "name": "[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/02/6" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5119.json b/2015/5xxx/CVE-2015-5119.json index 21c8b349cca..4ad52a0df29 100644 --- a/2015/5xxx/CVE-2015-5119.json +++ b/2015/5xxx/CVE-2015-5119.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/", - "refsource" : "MISC", - "url" : "http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/" - }, - { - "name" : "http://twitter.com/w3bd3vil/statuses/618168863708962816", - "refsource" : "MISC", - "url" : "http://twitter.com/w3bd3vil/statuses/618168863708962816" - }, - { - "name" : "https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html" - }, - { - "name" : "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsa15-03.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsa15-03.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" - }, - { - "name" : "GLSA-201507-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-13" - }, - { - "name" : "RHSA-2015:1214", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1214.html" - }, - { - "name" : "openSUSE-SU-2015:1207", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:1210", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html" - }, - { - "name" : "SUSE-SU-2015:1211", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" - }, - { - "name" : "SUSE-SU-2015:1214", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" - }, - { - "name" : "TA15-195A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA15-195A" - }, - { - "name" : "VU#561288", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/561288" - }, - { - "name" : "75568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75568" - }, - { - "name" : "1032809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032809" + }, + { + "name": "75568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75568" + }, + { + "name": "openSUSE-SU-2015:1207", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html" + }, + { + "name": "TA15-195A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A" + }, + { + "name": "SUSE-SU-2015:1211", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html" + }, + { + "name": "RHSA-2015:1214", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1214.html" + }, + { + "name": "SUSE-SU-2015:1214", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html" + }, + { + "name": "GLSA-201507-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-13" + }, + { + "name": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsa15-03.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-03.html" + }, + { + "name": "VU#561288", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/561288" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" + }, + { + "name": "https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html" + }, + { + "name": "openSUSE-SU-2015:1210", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html" + }, + { + "name": "http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/", + "refsource": "MISC", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/" + }, + { + "name": "http://twitter.com/w3bd3vil/statuses/618168863708962816", + "refsource": "MISC", + "url": "http://twitter.com/w3bd3vil/statuses/618168863708962816" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5516.json b/2015/5xxx/CVE-2015-5516.json index f47b5c61aa5..04a12488fed 100644 --- a/2015/5xxx/CVE-2015-5516.json +++ b/2015/5xxx/CVE-2015-5516.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/k/00/sol00032124.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/k/00/sol00032124.html" - }, - { - "name" : "1034686", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034686" - }, - { - "name" : "1034687", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034687", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034687" + }, + { + "name": "1034686", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034686" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/k/00/sol00032124.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/k/00/sol00032124.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5650.json b/2015/5xxx/CVE-2015-5650.json index ae67676d2ac..91ff3799467 100644 --- a/2015/5xxx/CVE-2015-5650.json +++ b/2015/5xxx/CVE-2015-5650.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#27462572", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN27462572/index.html" - }, - { - "name" : "JVNDB-2015-000147", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#27462572", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN27462572/index.html" + }, + { + "name": "JVNDB-2015-000147", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000147" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5819.json b/2015/5xxx/CVE-2015-5819.json index 9bb914fe60a..0a662f7f4f9 100644 --- a/2015/5xxx/CVE-2015-5819.json +++ b/2015/5xxx/CVE-2015-5819.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205221" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "76766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76766" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205221" + }, + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76766" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-16-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5999.json b/2015/5xxx/CVE-2015-5999.json index 254d02eaa82..ed7a3262b0f 100644 --- a/2015/5xxx/CVE-2015-5999.json +++ b/2015/5xxx/CVE-2015-5999.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-5999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536886/100/0/threaded" - }, - { - "name" : "38707", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38707/" - }, - { - "name" : "20151114 D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Nov/45" - }, - { - "name" : "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html" - }, - { - "name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", - "refsource" : "CONFIRM", - "url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF" - }, - { - "name" : "77588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20151114 D-link wireless router DIR-816L \u00c3\u00a2\u00e2\u0082\u00ac\u00e2\u0080\u009c Cross-Site Request Forgery (CSRF) vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Nov/45" + }, + { + "name": "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html" + }, + { + "name": "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536886/100/0/threaded" + }, + { + "name": "77588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77588" + }, + { + "name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", + "refsource": "CONFIRM", + "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF" + }, + { + "name": "38707", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38707/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2544.json b/2017/2xxx/CVE-2017-2544.json index 80fba95cb28..caefc1634f4 100644 --- a/2017/2xxx/CVE-2017-2544.json +++ b/2017/2xxx/CVE-2017-2544.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98474" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "98474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98474" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11045.json b/2018/11xxx/CVE-2018-11045.json index d63da6a28f0..32bc1245b56 100644 --- a/2018/11xxx/CVE-2018-11045.json +++ b/2018/11xxx/CVE-2018-11045.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-07-10T04:00:00.000Z", - "ID" : "CVE-2018-11045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pivotal Operations Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.1", - "version_value" : "2.1.6" - }, - { - "affected" : "<", - "version_name" : "2.0", - "version_value" : "2.0.15" - }, - { - "affected" : "<", - "version_name" : "1.12", - "version_value" : "1.12.22" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Random number generation" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-07-10T04:00:00.000Z", + "ID": "CVE-2018-11045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pivotal Operations Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.1", + "version_value": "2.1.6" + }, + { + "affected": "<", + "version_name": "2.0", + "version_value": "2.0.15" + }, + { + "affected": "<", + "version_name": "1.12", + "version_value": "1.12.22" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-11045", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-11045" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Random number generation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2018-11045", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-11045" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11314.json b/2018/11xxx/CVE-2018-11314.json index 7a3a1c7dc72..4dd9250939c 100644 --- a/2018/11xxx/CVE-2018-11314.json +++ b/2018/11xxx/CVE-2018-11314.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325", - "refsource" : "MISC", - "url" : "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" - }, - { - "name" : "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability", - "refsource" : "MISC", - "url" : "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability", + "refsource": "MISC", + "url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability" + }, + { + "name": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325", + "refsource": "MISC", + "url": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11821.json b/2018/11xxx/CVE-2018-11821.json index c98a0711049..13cb3782b0d 100644 --- a/2018/11xxx/CVE-2018-11821.json +++ b/2018/11xxx/CVE-2018-11821.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow or Wraparound in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow or Wraparound in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14279.json b/2018/14xxx/CVE-2018-14279.json index 39c870e4044..09c9551ebfd 100644 --- a/2018/14xxx/CVE-2018-14279.json +++ b/2018/14xxx/CVE-2018-14279.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-739", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-739" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-739", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-739" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15154.json b/2018/15xxx/CVE-2018-15154.json index 23e1295cbe1..1d606c1e775 100644 --- a/2018/15xxx/CVE-2018-15154.json +++ b/2018/15xxx/CVE-2018-15154.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the \"print_command\" global variable in interface/super/edit_globals.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://insecurity.sh/reports/openemr.pdf", - "refsource" : "MISC", - "url" : "https://insecurity.sh/reports/openemr.pdf" - }, - { - "name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", - "refsource" : "MISC", - "url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" - }, - { - "name" : "https://github.com/openemr/openemr/pull/1757", - "refsource" : "CONFIRM", - "url" : "https://github.com/openemr/openemr/pull/1757" - }, - { - "name" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", - "refsource" : "CONFIRM", - "url" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the \"print_command\" global variable in interface/super/edit_globals.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://insecurity.sh/reports/openemr.pdf", + "refsource": "MISC", + "url": "https://insecurity.sh/reports/openemr.pdf" + }, + { + "name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", + "refsource": "MISC", + "url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" + }, + { + "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", + "refsource": "CONFIRM", + "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" + }, + { + "name": "https://github.com/openemr/openemr/pull/1757", + "refsource": "CONFIRM", + "url": "https://github.com/openemr/openemr/pull/1757" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15759.json b/2018/15xxx/CVE-2018-15759.json index 951c4c62179..ab2fe210279 100644 --- a/2018/15xxx/CVE-2018-15759.json +++ b/2018/15xxx/CVE-2018-15759.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-11-15T00:00:00.000Z", - "ID" : "CVE-2018-15759", - "STATE" : "PUBLIC", - "TITLE" : "On Demand Services SDK Timing Attack Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "On Demand Services SDK", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "all versions", - "version_value" : "0.24.0" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 9.1, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Timing Discrepancy" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-11-15T00:00:00.000Z", + "ID": "CVE-2018-15759", + "STATE": "PUBLIC", + "TITLE": "On Demand Services SDK Timing Attack Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "On Demand Services SDK", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "all versions", + "version_value": "0.24.0" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-15759", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-15759" - }, - { - "name" : "106019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106019" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Through Timing Discrepancy" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2018-15759", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-15759" + }, + { + "name": "106019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106019" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15853.json b/2018/15xxx/CVE-2018-15853.json index be186dfa15c..628d1c46a16 100644 --- a/2018/15xxx/CVE-2018-15853.json +++ b/2018/15xxx/CVE-2018-15853.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a", - "refsource" : "MISC", - "url" : "https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a" - }, - { - "name" : "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html", - "refsource" : "MISC", - "url" : "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html" - }, - { - "name" : "GLSA-201810-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-05" - }, - { - "name" : "USN-3786-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3786-1/" - }, - { - "name" : "USN-3786-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3786-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-05" + }, + { + "name": "USN-3786-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3786-1/" + }, + { + "name": "USN-3786-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3786-2/" + }, + { + "name": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html", + "refsource": "MISC", + "url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html" + }, + { + "name": "https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a", + "refsource": "MISC", + "url": "https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15860.json b/2018/15xxx/CVE-2018-15860.json index 1ec65ea2e3e..746fa301d1f 100644 --- a/2018/15xxx/CVE-2018-15860.json +++ b/2018/15xxx/CVE-2018-15860.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15860", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15860", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3762.json b/2018/3xxx/CVE-2018-3762.json index 05269ba4e84..64c9d8cada3 100644 --- a/2018/3xxx/CVE-2018-3762.json +++ b/2018/3xxx/CVE-2018-3762.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "<13.0.3, <12.0.8" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control - Generic (CWE-284)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "<13.0.3, <12.0.8" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/358339", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/358339" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-002", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-002", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-002" + }, + { + "name": "https://hackerone.com/reports/358339", + "refsource": "MISC", + "url": "https://hackerone.com/reports/358339" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3909.json b/2018/3xxx/CVE-2018-3909.json index 68ad63e3beb..8fd163cb091 100644 --- a/2018/3xxx/CVE-2018-3909.json +++ b/2018/3xxx/CVE-2018-3909.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-3909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Samsung", - "version" : { - "version_data" : [ - { - "version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HTTP Request Smuggling" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-3909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung", + "version": { + "version_data": [ + { + "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Request Smuggling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8209.json b/2018/8xxx/CVE-2018-8209.json index 2db8ec96805..8643614e88a 100644 --- a/2018/8xxx/CVE-2018-8209.json +++ b/2018/8xxx/CVE-2018-8209.json @@ -1,113 +1,113 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka \"Windows Wireless Network Profile Information Disclosure Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8209", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8209" - }, - { - "name" : "104393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104393" - }, - { - "name" : "1041101", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka \"Windows Wireless Network Profile Information Disclosure Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104393" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8209", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8209" + }, + { + "name": "1041101", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041101" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8380.json b/2018/8xxx/CVE-2018-8380.json index 7846ee016d9..cb1762cfeac 100644 --- a/2018/8xxx/CVE-2018-8380.json +++ b/2018/8xxx/CVE-2018-8380.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8380", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8380" - }, - { - "name" : "104979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104979" - }, - { - "name" : "1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8380", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8380" + }, + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "104979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104979" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8404.json b/2018/8xxx/CVE-2018-8404.json index 9437506189f..11991315e97 100644 --- a/2018/8xxx/CVE-2018-8404.json +++ b/2018/8xxx/CVE-2018-8404.json @@ -1,184 +1,184 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8404", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8404" - }, - { - "name" : "104999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104999" - }, - { - "name" : "1041466", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104999" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8404", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8404" + }, + { + "name": "1041466", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041466" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8661.json b/2018/8xxx/CVE-2018-8661.json index 97503f7434f..ad09e132d6e 100644 --- a/2018/8xxx/CVE-2018-8661.json +++ b/2018/8xxx/CVE-2018-8661.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8661", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8661", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8870.json b/2018/8xxx/CVE-2018-8870.json index 02d02332089..d435ebc9856 100644 --- a/2018/8xxx/CVE-2018-8870.json +++ b/2018/8xxx/CVE-2018-8870.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-06-29T00:00:00", - "ID" : "CVE-2018-8870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Medtronic MyCareLink Patient Monitor", - "version" : { - "version_data" : [ - { - "version_value" : "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "USE OF HARD-CODED PASSWORD CWE-259" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-06-29T00:00:00", + "ID": "CVE-2018-8870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Medtronic MyCareLink Patient Monitor", + "version": { + "version_data": [ + { + "version_value": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions." + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED PASSWORD CWE-259" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01" + } + ] + } +} \ No newline at end of file