From 55e3c54248cde696f2f336c2fd0ef1e626f7b8d7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:04:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0016.json | 34 +-- 2002/0xxx/CVE-2002-0133.json | 190 +++++++-------- 2002/2xxx/CVE-2002-2350.json | 130 +++++----- 2002/2xxx/CVE-2002-2360.json | 150 ++++++------ 2005/0xxx/CVE-2005-0705.json | 180 +++++++------- 2005/0xxx/CVE-2005-0961.json | 150 ++++++------ 2005/0xxx/CVE-2005-0989.json | 290 +++++++++++----------- 2005/1xxx/CVE-2005-1136.json | 140 +++++------ 2005/1xxx/CVE-2005-1138.json | 130 +++++----- 2005/1xxx/CVE-2005-1402.json | 130 +++++----- 2005/1xxx/CVE-2005-1408.json | 150 ++++++------ 2005/1xxx/CVE-2005-1640.json | 130 +++++----- 2005/1xxx/CVE-2005-1739.json | 240 +++++++++--------- 2005/1xxx/CVE-2005-1983.json | 320 ++++++++++++------------ 2005/4xxx/CVE-2005-4165.json | 170 ++++++------- 2005/4xxx/CVE-2005-4312.json | 160 ++++++------ 2009/0xxx/CVE-2009-0380.json | 150 ++++++------ 2009/0xxx/CVE-2009-0635.json | 180 +++++++------- 2009/1xxx/CVE-2009-1585.json | 130 +++++----- 2009/1xxx/CVE-2009-1647.json | 140 +++++------ 2009/1xxx/CVE-2009-1746.json | 140 +++++------ 2009/1xxx/CVE-2009-1782.json | 190 +++++++-------- 2009/1xxx/CVE-2009-1873.json | 160 ++++++------ 2009/1xxx/CVE-2009-1972.json | 160 ++++++------ 2009/4xxx/CVE-2009-4175.json | 150 ++++++------ 2009/4xxx/CVE-2009-4313.json | 230 +++++++++--------- 2009/4xxx/CVE-2009-4656.json | 150 ++++++------ 2009/4xxx/CVE-2009-4670.json | 130 +++++----- 2009/5xxx/CVE-2009-5021.json | 130 +++++----- 2012/2xxx/CVE-2012-2206.json | 150 ++++++------ 2012/2xxx/CVE-2012-2710.json | 160 ++++++------ 2012/2xxx/CVE-2012-2738.json | 210 ++++++++-------- 2012/3xxx/CVE-2012-3092.json | 34 +-- 2012/3xxx/CVE-2012-3449.json | 180 +++++++------- 2012/3xxx/CVE-2012-3747.json | 150 ++++++------ 2012/3xxx/CVE-2012-3796.json | 170 ++++++------- 2012/4xxx/CVE-2012-4651.json | 120 ++++----- 2012/6xxx/CVE-2012-6374.json | 34 +-- 2012/6xxx/CVE-2012-6486.json | 34 +-- 2012/6xxx/CVE-2012-6588.json | 120 ++++----- 2015/5xxx/CVE-2015-5063.json | 140 +++++------ 2015/5xxx/CVE-2015-5685.json | 140 +++++------ 2015/5xxx/CVE-2015-5853.json | 140 +++++------ 2015/5xxx/CVE-2015-5881.json | 34 +-- 2015/5xxx/CVE-2015-5974.json | 34 +-- 2018/11xxx/CVE-2018-11504.json | 140 +++++------ 2018/11xxx/CVE-2018-11566.json | 34 +-- 2018/11xxx/CVE-2018-11763.json | 212 ++++++++-------- 2018/11xxx/CVE-2018-11972.json | 34 +-- 2018/14xxx/CVE-2018-14121.json | 34 +-- 2018/14xxx/CVE-2018-14258.json | 130 +++++----- 2018/14xxx/CVE-2018-14874.json | 34 +-- 2018/15xxx/CVE-2018-15090.json | 34 +-- 2018/15xxx/CVE-2018-15190.json | 120 ++++----- 2018/15xxx/CVE-2018-15199.json | 120 ++++----- 2018/15xxx/CVE-2018-15424.json | 166 ++++++------- 2018/15xxx/CVE-2018-15494.json | 140 +++++------ 2018/8xxx/CVE-2018-8287.json | 372 ++++++++++++++-------------- 2018/8xxx/CVE-2018-8393.json | 428 ++++++++++++++++----------------- 2018/8xxx/CVE-2018-8667.json | 34 +-- 2018/8xxx/CVE-2018-8753.json | 130 +++++----- 2018/8xxx/CVE-2018-8855.json | 182 +++++++------- 62 files changed, 4464 insertions(+), 4464 deletions(-) diff --git a/2002/0xxx/CVE-2002-0016.json b/2002/0xxx/CVE-2002-0016.json index 08faaa1b36b..ee07983a45b 100644 --- a/2002/0xxx/CVE-2002-0016.json +++ b/2002/0xxx/CVE-2002-0016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0133.json b/2002/0xxx/CVE-2002-0133.json index 3da1a088d6c..f129c30263c 100644 --- a/2002/0xxx/CVE-2002-0133.json +++ b/2002/0xxx/CVE-2002-0133.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020117 Avirt Proxy Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/251055" - }, - { - "name" : "20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101164598828092&w=2" - }, - { - "name" : "20020220 Avirt 4.2 question", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101424723728817&w=2" - }, - { - "name" : "20020212 Avirt Gateway 4.2 remote buffer overflow: proof of concept", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101366658112809&w=2" - }, - { - "name" : "3904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3904" - }, - { - "name" : "3905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3905" - }, - { - "name" : "avirt-http-proxy-bo(7916)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7916.php" - }, - { - "name" : "avirt-telnet-proxy-bo(7918)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7918.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "avirt-telnet-proxy-bo(7918)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7918.php" + }, + { + "name": "20020212 Avirt Gateway 4.2 remote buffer overflow: proof of concept", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101366658112809&w=2" + }, + { + "name": "20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101164598828092&w=2" + }, + { + "name": "20020117 Avirt Proxy Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/251055" + }, + { + "name": "avirt-http-proxy-bo(7916)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7916.php" + }, + { + "name": "3905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3905" + }, + { + "name": "3904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3904" + }, + { + "name": "20020220 Avirt 4.2 question", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101424723728817&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2350.json b/2002/2xxx/CVE-2002-2350.json index 740f8539478..eaf2e098fc2 100644 --- a/2002/2xxx/CVE-2002-2350.json +++ b/2002/2xxx/CVE-2002-2350.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021010 XSS bug in Zorum 2.4", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0152.html" - }, - { - "name" : "zorum-zusershow-xss(10337)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10337.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021010 XSS bug in Zorum 2.4", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0152.html" + }, + { + "name": "zorum-zusershow-xss(10337)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10337.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2360.json b/2002/2xxx/CVE-2002-2360.json index bf4441b95e3..2aa895ecc8e 100644 --- a/2002/2xxx/CVE-2002-2360.json +++ b/2002/2xxx/CVE-2002-2360.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" - }, - { - "name" : "http://www.securiteam.com/unixfocus/5CP0R1P80G.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" - }, - { - "name" : "5591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5591" - }, - { - "name" : "webmin-cgi-improper-permissions(9983)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9983.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5591" + }, + { + "name": "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" + }, + { + "name": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" + }, + { + "name": "webmin-cgi-improper-permissions(9983)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9983.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0705.json b/2005/0xxx/CVE-2005-0705.json index 50fb679c2da..4faad77efc7 100644 --- a/2005/0xxx/CVE-2005-0705.json +++ b/2005/0xxx/CVE-2005-0705.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the \"ignore cipher bit\" option enabled. allows remote attackers to cause a denial of service (application crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00018.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00018.html" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200503-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml" - }, - { - "name" : "MDKSA-2005:053", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:053" - }, - { - "name" : "RHSA-2005:306", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-306.html" - }, - { - "name" : "12762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12762" - }, - { - "name" : "oval:org.mitre.oval:def:10565", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the \"ignore cipher bit\" option enabled. allows remote attackers to cause a denial of service (application crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200503-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml" + }, + { + "name": "MDKSA-2005:053", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:053" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00018.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00018.html" + }, + { + "name": "RHSA-2005:306", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-306.html" + }, + { + "name": "oval:org.mitre.oval:def:10565", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10565" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "12762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12762" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0961.json b/2005/0xxx/CVE-2005-0961.json index a9b0b851ba4..1542744641e 100644 --- a/2005/0xxx/CVE-2005-0961.json +++ b/2005/0xxx/CVE-2005-0961.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.horde.org/archives/announce/2005/000176.html", - "refsource" : "CONFIRM", - "url" : "http://lists.horde.org/archives/announce/2005/000176.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h" - }, - { - "name" : "SUSE-SR:2005:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_16_sr.html" - }, - { - "name" : "14730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.horde.org/archives/announce/2005/000176.html", + "refsource": "CONFIRM", + "url": "http://lists.horde.org/archives/announce/2005/000176.html" + }, + { + "name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.49&r2=1.515.2.93&ty=h" + }, + { + "name": "SUSE-SR:2005:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html" + }, + { + "name": "14730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14730" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0989.json b/2005/0xxx/CVE-2005-0989.json index 89fb4ae1d9f..fd2d5e3ff70 100644 --- a/2005/0xxx/CVE-2005-0989.json +++ b/2005/0xxx/CVE-2005-0989.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-33.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-33.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=288688" - }, - { - "name" : "GLSA-200504-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" - }, - { - "name" : "RHSA-2005:383", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-383.html" - }, - { - "name" : "RHSA-2005:386", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-386.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "RHSA-2005:601", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-601.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "12988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12988" - }, - { - "name" : "oval:org.mitre.oval:def:100025", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025" - }, - { - "name" : "oval:org.mitre.oval:def:11706", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706" - }, - { - "name" : "1013635", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013635" - }, - { - "name" : "1013643", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013643" - }, - { - "name" : "14820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14820" - }, - { - "name" : "14821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14821" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:100025", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025" + }, + { + "name": "RHSA-2005:386", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" + }, + { + "name": "12988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12988" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "14820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14820" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "1013635", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013635" + }, + { + "name": "RHSA-2005:601", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html" + }, + { + "name": "GLSA-200504-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" + }, + { + "name": "1013643", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013643" + }, + { + "name": "oval:org.mitre.oval:def:11706", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "RHSA-2005:383", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-33.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html" + }, + { + "name": "14821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14821" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1136.json b/2005/1xxx/CVE-2005-1136.json index e20bc6bb09f..77d89d70fbf 100644 --- a/2005/1xxx/CVE-2005-1136.json +++ b/2005/1xxx/CVE-2005-1136.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050415 [ECHO_ADV_12$2005] Vulnerabilities in sphpblog", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111359320312609&w=2" - }, - { - "name" : "http://echo.or.id/adv/adv12-y3dips-2005.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv12-y3dips-2005.txt" - }, - { - "name" : "http://www.waraxe.us/ftopict-651.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/ftopict-651.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://echo.or.id/adv/adv12-y3dips-2005.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv12-y3dips-2005.txt" + }, + { + "name": "20050415 [ECHO_ADV_12$2005] Vulnerabilities in sphpblog", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111359320312609&w=2" + }, + { + "name": "http://www.waraxe.us/ftopict-651.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/ftopict-651.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1138.json b/2005/1xxx/CVE-2005-1138.json index 33525290761..b9101eef981 100644 --- a/2005/1xxx/CVE-2005-1138.json +++ b/2005/1xxx/CVE-2005-1138.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kerio.com/kms_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kms_history.html" - }, - { - "name" : "1013708", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013708", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013708" + }, + { + "name": "http://www.kerio.com/kms_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kms_history.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1402.json b/2005/1xxx/CVE-2005-1402.json index b45f5190b7b..88ed81cd95b 100644 --- a/2005/1xxx/CVE-2005-1402.json +++ b/2005/1xxx/CVE-2005-1402.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050501 Clients format string and server crash in Mtp-Target 1.2.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.security-focus.com/archive/1/397304" - }, - { - "name" : "http://aluigi.altervista.org/adv/mtpbugs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/mtpbugs-adv.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050501 Clients format string and server crash in Mtp-Target 1.2.2", + "refsource": "BUGTRAQ", + "url": "http://www.security-focus.com/archive/1/397304" + }, + { + "name": "http://aluigi.altervista.org/adv/mtpbugs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/mtpbugs-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1408.json b/2005/1xxx/CVE-2005-1408.json index e8b5c842af9..c834818c6e8 100644 --- a/2005/1xxx/CVE-2005-1408.json +++ b/2005/1xxx/CVE-2005-1408.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://remahl.se/david/vuln/016/", - "refsource" : "MISC", - "url" : "http://remahl.se/david/vuln/016/" - }, - { - "name" : "APPLE-SA-2005-05-25", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00005.html" - }, - { - "name" : "1014053", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014053" - }, - { - "name" : "15508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15508" + }, + { + "name": "APPLE-SA-2005-05-25", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00005.html" + }, + { + "name": "http://remahl.se/david/vuln/016/", + "refsource": "MISC", + "url": "http://remahl.se/david/vuln/016/" + }, + { + "name": "1014053", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014053" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1640.json b/2005/1xxx/CVE-2005-1640.json index d8600baf24c..8475191231a 100644 --- a/2005/1xxx/CVE-2005-1640.json +++ b/2005/1xxx/CVE-2005-1640.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ignition-project.com/security/20050414-hosts-delete-owner-access-entries", - "refsource" : "CONFIRM", - "url" : "http://www.ignition-project.com/security/20050414-hosts-delete-owner-access-entries" - }, - { - "name" : "15388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15388" + }, + { + "name": "http://www.ignition-project.com/security/20050414-hosts-delete-owner-access-entries", + "refsource": "CONFIRM", + "url": "http://www.ignition-project.com/security/20050414-hosts-delete-owner-access-entries" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1739.json b/2005/1xxx/CVE-2005-1739.json index 05a34aaa5ba..c59016f8d54 100644 --- a/2005/1xxx/CVE-2005-1739.json +++ b/2005/1xxx/CVE-2005-1739.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200505-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200505-16.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=90423", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=90423" - }, - { - "name" : "MDKSA-2005:107", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:107" - }, - { - "name" : "RHSA-2005:480", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-480.html" - }, - { - "name" : "USN-132-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/132-1/" - }, - { - "name" : "13705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13705" - }, - { - "name" : "16774", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16774" - }, - { - "name" : "16775", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16775" - }, - { - "name" : "oval:org.mitre.oval:def:960", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A960" - }, - { - "name" : "oval:org.mitre.oval:def:11667", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11667" - }, - { - "name" : "15429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15429" - }, - { - "name" : "15446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15446" - }, - { - "name" : "15453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16775", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16775" + }, + { + "name": "GLSA-200505-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200505-16.xml" + }, + { + "name": "MDKSA-2005:107", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:107" + }, + { + "name": "13705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13705" + }, + { + "name": "16774", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16774" + }, + { + "name": "RHSA-2005:480", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-480.html" + }, + { + "name": "USN-132-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/132-1/" + }, + { + "name": "oval:org.mitre.oval:def:960", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A960" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=90423", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=90423" + }, + { + "name": "15429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15429" + }, + { + "name": "15446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15446" + }, + { + "name": "15453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15453" + }, + { + "name": "oval:org.mitre.oval:def:11667", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11667" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1983.json b/2005/1xxx/CVE-2005-1983.json index 97814cf686e..d54fd085c64 100644 --- a/2005/1xxx/CVE-2005-1983.json +++ b/2005/1xxx/CVE-2005-1983.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-1983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-039" - }, - { - "name" : "20050809 Windows Plug and Play Remote Compromise", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/202" - }, - { - "name" : "TA05-221A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" - }, - { - "name" : "VU#998653", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/998653" - }, - { - "name" : "P-266", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-266.shtml" - }, - { - "name" : "http://www.hsc.fr/ressources/presentations/null_sessions/", - "refsource" : "MISC", - "url" : "http://www.hsc.fr/ressources/presentations/null_sessions/" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html" - }, - { - "name" : "http://www.frsirt.com/english/alerts/20050814.ZotobA.php", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/english/alerts/20050814.ZotobA.php" - }, - { - "name" : "20050811 Windows 2000 universal exploit for MS05-039", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0384.html" - }, - { - "name" : "14513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14513" - }, - { - "name" : "ADV-2005-1354", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1354" - }, - { - "name" : "oval:org.mitre.oval:def:100073", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100073" - }, - { - "name" : "oval:org.mitre.oval:def:160", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A160" - }, - { - "name" : "oval:org.mitre.oval:def:267", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A267" - }, - { - "name" : "oval:org.mitre.oval:def:474", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A474" - }, - { - "name" : "oval:org.mitre.oval:def:497", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A497" - }, - { - "name" : "oval:org.mitre.oval:def:783", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A783" - }, - { - "name" : "16372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16372" - }, - { - "name" : "1014640", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014640" - }, - { - "name" : "18605", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18605" - }, - { - "name" : "win-plugandplay-bo(21602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-1354", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1354" + }, + { + "name": "oval:org.mitre.oval:def:497", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A497" + }, + { + "name": "http://www.hsc.fr/ressources/presentations/null_sessions/", + "refsource": "MISC", + "url": "http://www.hsc.fr/ressources/presentations/null_sessions/" + }, + { + "name": "18605", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18605" + }, + { + "name": "http://www.frsirt.com/english/alerts/20050814.ZotobA.php", + "refsource": "MISC", + "url": "http://www.frsirt.com/english/alerts/20050814.ZotobA.php" + }, + { + "name": "20050811 Windows 2000 universal exploit for MS05-039", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0384.html" + }, + { + "name": "VU#998653", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/998653" + }, + { + "name": "14513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14513" + }, + { + "name": "oval:org.mitre.oval:def:267", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A267" + }, + { + "name": "P-266", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-266.shtml" + }, + { + "name": "1014640", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014640" + }, + { + "name": "win-plugandplay-bo(21602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21602" + }, + { + "name": "TA05-221A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" + }, + { + "name": "16372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16372" + }, + { + "name": "20050809 Windows Plug and Play Remote Compromise", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/202" + }, + { + "name": "oval:org.mitre.oval:def:100073", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100073" + }, + { + "name": "MS05-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-039" + }, + { + "name": "oval:org.mitre.oval:def:160", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A160" + }, + { + "name": "oval:org.mitre.oval:def:474", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A474" + }, + { + "name": "oval:org.mitre.oval:def:783", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A783" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5YP0E00GKW.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4165.json b/2005/4xxx/CVE-2005-4165.json index 62392f66200..d90a5be8691 100644 --- a/2005/4xxx/CVE-2005-4165.json +++ b/2005/4xxx/CVE-2005-4165.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the \"Search For\" field in search.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15858" - }, - { - "name" : "21706", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21706" - }, - { - "name" : "21707", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21707" - }, - { - "name" : "21708", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21708" - }, - { - "name" : "1015316", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015316" - }, - { - "name" : "aspdevxmforum-multiple-sql-injection(23511)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the \"Search For\" field in search.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21708", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21708" + }, + { + "name": "1015316", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015316" + }, + { + "name": "aspdevxmforum-multiple-sql-injection(23511)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23511" + }, + { + "name": "21706", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21706" + }, + { + "name": "15858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15858" + }, + { + "name": "21707", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21707" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4312.json b/2005/4xxx/CVE-2005-4312.json index 9c0529d5c95..58aa4817418 100644 --- a/2005/4xxx/CVE-2005-4312.json +++ b/2005/4xxx/CVE-2005-4312.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html" - }, - { - "name" : "15899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15899" - }, - { - "name" : "ADV-2005-2943", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2943" - }, - { - "name" : "21783", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21783" - }, - { - "name" : "18094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html" + }, + { + "name": "15899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15899" + }, + { + "name": "21783", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21783" + }, + { + "name": "ADV-2005-2943", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2943" + }, + { + "name": "18094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18094" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0380.json b/2009/0xxx/CVE-2009-0380.json index 8fabdac29b1..14c5e354b03 100644 --- a/2009/0xxx/CVE-2009-0380.json +++ b/2009/0xxx/CVE-2009-0380.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither \"showbiz\" nor \"bid\" appears in the source code for SOBI2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7841", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7841" - }, - { - "name" : "20090130 SOBI2 showbiz SQL injection - false, or site-specific", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2009-January/002136.html" - }, - { - "name" : "33378", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33378" - }, - { - "name" : "sobi2-bid-sql-injection(48131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither \"showbiz\" nor \"bid\" appears in the source code for SOBI2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33378", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33378" + }, + { + "name": "7841", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7841" + }, + { + "name": "20090130 SOBI2 showbiz SQL injection - false, or site-specific", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2009-January/002136.html" + }, + { + "name": "sobi2-bid-sql-injection(48131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48131" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0635.json b/2009/0xxx/CVE-2009-0635.json index 977a663a405..22301de9ad9 100644 --- a/2009/0xxx/CVE-2009-0635.json +++ b/2009/0xxx/CVE-2009-0635.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" - }, - { - "name" : "20090325 Cisco IOS cTCP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml" - }, - { - "name" : "34246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34246" - }, - { - "name" : "1021895", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021895" - }, - { - "name" : "34438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34438" - }, - { - "name" : "ADV-2009-0851", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0851" - }, - { - "name" : "ios-ctcp-dos(49417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" + }, + { + "name": "20090325 Cisco IOS cTCP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml" + }, + { + "name": "34438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34438" + }, + { + "name": "34246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34246" + }, + { + "name": "ios-ctcp-dos(49417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49417" + }, + { + "name": "1021895", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021895" + }, + { + "name": "ADV-2009-0851", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0851" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1585.json b/2009/1xxx/CVE-2009-1585.json index 98797f84fd6..9627d6d9765 100644 --- a/2009/1xxx/CVE-2009-1585.json +++ b/2009/1xxx/CVE-2009-1585.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "54244", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54244" - }, - { - "name" : "34983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54244", + "refsource": "OSVDB", + "url": "http://osvdb.org/54244" + }, + { + "name": "34983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34983" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1647.json b/2009/1xxx/CVE-2009-1647.json index 90ad11e81b5..57b4318ec3f 100644 --- a/2009/1xxx/CVE-2009-1647.json +++ b/2009/1xxx/CVE-2009-1647.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8526", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8526" - }, - { - "name" : "34699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34699" - }, - { - "name" : "ADV-2009-1170", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1170" + }, + { + "name": "34699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34699" + }, + { + "name": "8526", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8526" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1746.json b/2009/1xxx/CVE-2009-1746.json index 3be094cdf4b..4d199ef1e47 100644 --- a/2009/1xxx/CVE-2009-1746.json +++ b/2009/1xxx/CVE-2009-1746.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8727", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8727" - }, - { - "name" : "35016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35016" - }, - { - "name" : "54658", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54658", + "refsource": "OSVDB", + "url": "http://osvdb.org/54658" + }, + { + "name": "8727", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8727" + }, + { + "name": "35016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35016" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1782.json b/2009/1xxx/CVE-2009-1782.json index 769ef28bc68..779d1f000d6 100644 --- a/2009/1xxx/CVE-2009-1782.json +++ b/2009/1xxx/CVE-2009-1782.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html" - }, - { - "name" : "34849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34849" - }, - { - "name" : "1022170", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022170" - }, - { - "name" : "1022171", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022171" - }, - { - "name" : "1022172", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022172" - }, - { - "name" : "35008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35008" - }, - { - "name" : "ADV-2009-1262", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1262" - }, - { - "name" : "fsecure-rar-zip-security-bypass(50346)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35008" + }, + { + "name": "1022172", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022172" + }, + { + "name": "ADV-2009-1262", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1262" + }, + { + "name": "1022170", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022170" + }, + { + "name": "fsecure-rar-zip-security-bypass(50346)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50346" + }, + { + "name": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html" + }, + { + "name": "34849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34849" + }, + { + "name": "1022171", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022171" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1873.json b/2009/1xxx/CVE-2009-1873.json index 18f9d9fe23f..1eb6970abd4 100644 --- a/2009/1xxx/CVE-2009-1873.json +++ b/2009/1xxx/CVE-2009-1873.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090817 [DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505808/100/0/threaded" - }, - { - "name" : "9443", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/9443" - }, - { - "name" : "http://www.dsecrg.com/pages/vul/show.php?id=152", - "refsource" : "MISC", - "url" : "http://www.dsecrg.com/pages/vul/show.php?id=152" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-12.html" - }, - { - "name" : "57186", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9443", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/9443" + }, + { + "name": "20090817 [DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505808/100/0/threaded" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html" + }, + { + "name": "57186", + "refsource": "OSVDB", + "url": "http://osvdb.org/57186" + }, + { + "name": "http://www.dsecrg.com/pages/vul/show.php?id=152", + "refsource": "MISC", + "url": "http://www.dsecrg.com/pages/vul/show.php?id=152" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1972.json b/2009/1xxx/CVE-2009-1972.json index dd36f7180dc..a6f66bd699c 100644 --- a/2009/1xxx/CVE-2009-1972.json +++ b/2009/1xxx/CVE-2009-1972.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36758" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "36758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36758" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4175.json b/2009/4xxx/CVE-2009-4175.json index f7d5b03c7ca..fc572433e14 100644 --- a/2009/4xxx/CVE-2009-4175.json +++ b/2009/4xxx/CVE-2009-4175.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507782/100/0/threaded" - }, - { - "name" : "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt", - "refsource" : "MISC", - "url" : "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt" - }, - { - "name" : "36971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36971" - }, - { - "name" : "cutenews-search-path-disclosure(54235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to obtain sensitive information via an invalid date value in the from_date_day parameter to search.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cutenews-search-path-disclosure(54235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54235" + }, + { + "name": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt", + "refsource": "MISC", + "url": "http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt" + }, + { + "name": "20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507782/100/0/threaded" + }, + { + "name": "36971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36971" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4313.json b/2009/4xxx/CVE-2009-4313.json index 01080c92487..2a297db6e2f 100644 --- a/2009/4xxx/CVE-2009-4313.json +++ b/2009/4xxx/CVE-2009-4313.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091208 Microsoft Windows Indeo32 Codec Parsing Heap Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=835" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/954157.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/954157.mspx" - }, - { - "name" : "954157", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/954157" - }, - { - "name" : "955759", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/955759" - }, - { - "name" : "976138", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/976138" - }, - { - "name" : "37251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37251" - }, - { - "name" : "60858", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60858" - }, - { - "name" : "oval:org.mitre.oval:def:12242", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12242" - }, - { - "name" : "1023302", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023302" - }, - { - "name" : "37592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37592" - }, - { - "name" : "ADV-2009-3440", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3440" - }, - { - "name" : "ms-ie-content-code-execution(54645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "955759", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/955759" + }, + { + "name": "60858", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60858" + }, + { + "name": "1023302", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023302" + }, + { + "name": "37251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37251" + }, + { + "name": "oval:org.mitre.oval:def:12242", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12242" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/954157.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/954157.mspx" + }, + { + "name": "976138", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/976138" + }, + { + "name": "ADV-2009-3440", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3440" + }, + { + "name": "954157", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/954157" + }, + { + "name": "20091208 Microsoft Windows Indeo32 Codec Parsing Heap Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=835" + }, + { + "name": "ms-ie-content-code-execution(54645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645" + }, + { + "name": "37592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37592" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4656.json b/2009/4xxx/CVE-2009-4656.json index b029021c0e0..fedb5aefde7 100644 --- a/2009/4xxx/CVE-2009-4656.json +++ b/2009/4xxx/CVE-2009-4656.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9691", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9691" - }, - { - "name" : "36728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36728" - }, - { - "name" : "ADV-2009-2681", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2681" - }, - { - "name" : "djstudio-pls-dos(53310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2681", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2681" + }, + { + "name": "36728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36728" + }, + { + "name": "djstudio-pls-dos(53310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53310" + }, + { + "name": "9691", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9691" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4670.json b/2009/4xxx/CVE-2009-4670.json index ec5c21de8c2..30b1e7d27c1 100644 --- a/2009/4xxx/CVE-2009-4670.json +++ b/2009/4xxx/CVE-2009-4670.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8797", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8797" - }, - { - "name" : "35237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35237" + }, + { + "name": "8797", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8797" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5021.json b/2009/5xxx/CVE-2009-5021.json index e66b700227d..986633a8bff 100644 --- a/2009/5xxx/CVE-2009-5021.json +++ b/2009/5xxx/CVE-2009-5021.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz" - }, - { - "name" : "cobbler-password-weak-security(64734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cobbler-password-weak-security(64734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64734" + }, + { + "name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz", + "refsource": "CONFIRM", + "url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2206.json b/2012/2xxx/CVE-2012-2206.json index 0c34154514d..ca1df2c594b 100644 --- a/2012/2xxx/CVE-2012-2206.json +++ b/2012/2xxx/CVE-2012-2206.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20478", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20478/" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21607481", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21607481" - }, - { - "name" : "IC82761", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761" - }, - { - "name" : "wmq-ftewg-security-bypass(77095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20478", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20478/" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21607481", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21607481" + }, + { + "name": "wmq-ftewg-security-bypass(77095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77095" + }, + { + "name": "IC82761", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2710.json b/2012/2xxx/CVE-2012-2710.json index 5ec6c697156..875a6fdc478 100644 --- a/2012/2xxx/CVE-2012-2710.json +++ b/2012/2xxx/CVE-2012-2710.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when \"Append the content title to the end of the breadcrumb\" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1585960", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1585960" - }, - { - "name" : "http://drupal.org/node/628480", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/628480" - }, - { - "name" : "53573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53573" - }, - { - "name" : "zen-breadcrumb-xss(75711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when \"Append the content title to the end of the breadcrumb\" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/628480", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/628480" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "53573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53573" + }, + { + "name": "http://drupal.org/node/1585960", + "refsource": "MISC", + "url": "http://drupal.org/node/1585960" + }, + { + "name": "zen-breadcrumb-xss(75711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75711" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2738.json b/2012/2xxx/CVE-2012-2738.json index c627ae9b9e1..52d5f31264d 100644 --- a/2012/2xxx/CVE-2012-2738.json +++ b/2012/2xxx/CVE-2012-2738.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/6" - }, - { - "name" : "[oss-security] 20120615 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/15/11" - }, - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changes", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changes" - }, - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=676090", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=676090" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "FEDORA-2012-9546", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html" - }, - { - "name" : "FEDORA-2012-9575", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html" - }, - { - "name" : "openSUSE-SU-2012:0931", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html" - }, - { - "name" : "54281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-9575", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=676090", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=676090" + }, + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changes", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changes" + }, + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news" + }, + { + "name": "54281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54281" + }, + { + "name": "[oss-security] 20120615 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/15/11" + }, + { + "name": "[oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/6" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "openSUSE-SU-2012:0931", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html" + }, + { + "name": "FEDORA-2012-9546", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3092.json b/2012/3xxx/CVE-2012-3092.json index b0800a1ef9f..18afb6b0ba3 100644 --- a/2012/3xxx/CVE-2012-3092.json +++ b/2012/3xxx/CVE-2012-3092.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3092", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3092", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3449.json b/2012/3xxx/CVE-2012-3449.json index 1ecc03453e9..6529fa78606 100644 --- a/2012/3xxx/CVE-2012-3449.json +++ b/2012/3xxx/CVE-2012-3449.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120802 openvswitch world writable directories (CVE-2012-3449)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/02/6" - }, - { - "name" : "[oss-security] 20120803 Re: openvswitch world writable directories (CVE-2012-3449)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/03/6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=845350", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=845350" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665" - }, - { - "name" : "54789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54789" - }, - { - "name" : "54794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54794" - }, - { - "name" : "openvswitch-privilege-escalation(77417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54789" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=845350", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845350" + }, + { + "name": "54794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54794" + }, + { + "name": "[oss-security] 20120803 Re: openvswitch world writable directories (CVE-2012-3449)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/03/6" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665" + }, + { + "name": "openvswitch-privilege-escalation(77417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77417" + }, + { + "name": "[oss-security] 20120802 openvswitch world writable directories (CVE-2012-3449)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/02/6" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3747.json b/2012/3xxx/CVE-2012-3747.json index 3008fad9286..0b0f4976979 100644 --- a/2012/3xxx/CVE-2012-3747.json +++ b/2012/3xxx/CVE-2012-3747.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "85631", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85631" - }, - { - "name" : "apple-ios-webkit-cve20123747(78725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "85631", + "refsource": "OSVDB", + "url": "http://osvdb.org/85631" + }, + { + "name": "apple-ios-webkit-cve20123747(78725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78725" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3796.json b/2012/3xxx/CVE-2012-3796.json index 2bf510d4203..b37ca0d5659 100644 --- a/2012/3xxx/CVE-2012-3796.json +++ b/2012/3xxx/CVE-2012-3796.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.org/adv/proservrex_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/proservrex_1-adv.txt" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" - }, - { - "name" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", - "refsource" : "CONFIRM", - "url" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" - }, - { - "name" : "https://www.hmisource.com/otasuke/news/2012/0606.html", - "refsource" : "CONFIRM", - "url" : "https://www.hmisource.com/otasuke/news/2012/0606.html" - }, - { - "name" : "53499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53499" - }, - { - "name" : "49172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.hmisource.com/otasuke/news/2012/0606.html", + "refsource": "CONFIRM", + "url": "https://www.hmisource.com/otasuke/news/2012/0606.html" + }, + { + "name": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", + "refsource": "CONFIRM", + "url": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" + }, + { + "name": "http://aluigi.org/adv/proservrex_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/proservrex_1-adv.txt" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" + }, + { + "name": "53499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53499" + }, + { + "name": "49172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49172" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4651.json b/2012/4xxx/CVE-2012-4651.json index 0483591c50d..810f7d32d55 100644 --- a/2012/4xxx/CVE-2012-4651.json +++ b/2012/4xxx/CVE-2012-4651.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/c/en/us/td/docs/ios/15_3m_and_t/release/notes/15_3m_and_t.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6374.json b/2012/6xxx/CVE-2012-6374.json index fe831bd47a9..31db08a58a0 100644 --- a/2012/6xxx/CVE-2012-6374.json +++ b/2012/6xxx/CVE-2012-6374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6486.json b/2012/6xxx/CVE-2012-6486.json index 1c4c338f0a0..4025fb79289 100644 --- a/2012/6xxx/CVE-2012-6486.json +++ b/2012/6xxx/CVE-2012-6486.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6486", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6486", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6588.json b/2012/6xxx/CVE-2012-6588.json index e5c80228dc9..f20eff6a390 100644 --- a/2012/6xxx/CVE-2012-6588.json +++ b/2012/6xxx/CVE-2012-6588.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22711", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/22711/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22711", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/22711/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5063.json b/2015/5xxx/CVE-2015-5063.json index 6ead3e1fd4d..2b77fa08e34 100644 --- a/2015/5xxx/CVE-2015-5063.json +++ b/2015/5xxx/CVE-2015-5063.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150609 SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535716/100/0/threaded" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt" + }, + { + "name": "20150609 SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5685.json b/2015/5xxx/CVE-2015-5685.json index feda97f55d6..3b3a96be0da 100644 --- a/2015/5xxx/CVE-2015-5685.json +++ b/2015/5xxx/CVE-2015-5685.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to \"improper indexing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-366/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-366/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-367/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-367/" - }, - { - "name" : "https://github.com/bittorrent/bootstrap-dht/commit/e809ea80e3527e32c40756eddd8b2ae44bc3af1a", - "refsource" : "CONFIRM", - "url" : "https://github.com/bittorrent/bootstrap-dht/commit/e809ea80e3527e32c40756eddd8b2ae44bc3af1a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to \"improper indexing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-366/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-366/" + }, + { + "name": "https://github.com/bittorrent/bootstrap-dht/commit/e809ea80e3527e32c40756eddd8b2ae44bc3af1a", + "refsource": "CONFIRM", + "url": "https://github.com/bittorrent/bootstrap-dht/commit/e809ea80e3527e32c40756eddd8b2ae44bc3af1a" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-367/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-367/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5853.json b/2015/5xxx/CVE-2015-5853.json index 2905f39d389..46c2a68a378 100644 --- a/2015/5xxx/CVE-2015-5853.json +++ b/2015/5xxx/CVE-2015-5853.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5881.json b/2015/5xxx/CVE-2015-5881.json index 9513d925c34..563a4a0ae7d 100644 --- a/2015/5xxx/CVE-2015-5881.json +++ b/2015/5xxx/CVE-2015-5881.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5881", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7760, CVE-2015-7761. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-7760 and CVE-2015-7761 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5881", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7760, CVE-2015-7761. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-7760 and CVE-2015-7761 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5974.json b/2015/5xxx/CVE-2015-5974.json index f76554e6dd8..dcf141b15b7 100644 --- a/2015/5xxx/CVE-2015-5974.json +++ b/2015/5xxx/CVE-2015-5974.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5974", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5974", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11504.json b/2018/11xxx/CVE-2018-11504.json index 9b13e188ad0..6dad1ebb75a 100644 --- a/2018/11xxx/CVE-2018-11504.json +++ b/2018/11xxx/CVE-2018-11504.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180908 [SECURITY] [DLA 1499-1] discount security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00009.html" - }, - { - "name" : "https://github.com/Orc/discount/issues/189#issuecomment-392247798", - "refsource" : "MISC", - "url" : "https://github.com/Orc/discount/issues/189#issuecomment-392247798" - }, - { - "name" : "DSA-4293", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Orc/discount/issues/189#issuecomment-392247798", + "refsource": "MISC", + "url": "https://github.com/Orc/discount/issues/189#issuecomment-392247798" + }, + { + "name": "[debian-lts-announce] 20180908 [SECURITY] [DLA 1499-1] discount security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00009.html" + }, + { + "name": "DSA-4293", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4293" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11566.json b/2018/11xxx/CVE-2018-11566.json index 6b9bc35eb44..c09d3932d22 100644 --- a/2018/11xxx/CVE-2018-11566.json +++ b/2018/11xxx/CVE-2018-11566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11763.json b/2018/11xxx/CVE-2018-11763.json index 5cdb7f052bb..58f8e380187 100644 --- a/2018/11xxx/CVE-2018-11763.json +++ b/2018/11xxx/CVE-2018-11763.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-09-25T00:00:00", - "ID" : "CVE-2018-11763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.17 to 2.4.34" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "mod_http2, DoS via continuous SETTINGS frames" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-09-25T00:00:00", + "ID": "CVE-2018-11763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.4.17 to 2.4.34" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190204-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190204-0004/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "RHSA-2019:0366", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0366" - }, - { - "name" : "RHSA-2019:0367", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0367" - }, - { - "name" : "USN-3783-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3783-1/" - }, - { - "name" : "105414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105414" - }, - { - "name" : "1041713", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "mod_http2, DoS via continuous SETTINGS frames" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "105414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105414" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190204-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190204-0004/" + }, + { + "name": "RHSA-2019:0367", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0367" + }, + { + "name": "USN-3783-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3783-1/" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "1041713", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041713" + }, + { + "name": "RHSA-2019:0366", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0366" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11972.json b/2018/11xxx/CVE-2018-11972.json index a0b5c2f925a..e14af6d8808 100644 --- a/2018/11xxx/CVE-2018-11972.json +++ b/2018/11xxx/CVE-2018-11972.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11972", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11972", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14121.json b/2018/14xxx/CVE-2018-14121.json index 0d0cd4e75d0..36cbe781452 100644 --- a/2018/14xxx/CVE-2018-14121.json +++ b/2018/14xxx/CVE-2018-14121.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14121", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14121", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14258.json b/2018/14xxx/CVE-2018-14258.json index 96102e0d075..0300752a420 100644 --- a/2018/14xxx/CVE-2018-14258.json +++ b/2018/14xxx/CVE-2018-14258.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6021." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-718", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-718" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6021." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-718", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-718" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14874.json b/2018/14xxx/CVE-2018-14874.json index 5aa913ff8de..e871ef21173 100644 --- a/2018/14xxx/CVE-2018-14874.json +++ b/2018/14xxx/CVE-2018-14874.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14874", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14874", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15090.json b/2018/15xxx/CVE-2018-15090.json index 70538c67511..bfd13a07569 100644 --- a/2018/15xxx/CVE-2018-15090.json +++ b/2018/15xxx/CVE-2018-15090.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15090", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15090", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15190.json b/2018/15xxx/CVE-2018-15190.json index 12ce13150c9..71ae5c19627 100644 --- a/2018/15xxx/CVE-2018-15190.json +++ b/2018/15xxx/CVE-2018-15190.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gkaim.com/cve-2018-15190-vikas-chaudhary/", - "refsource" : "MISC", - "url" : "https://gkaim.com/cve-2018-15190-vikas-chaudhary/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gkaim.com/cve-2018-15190-vikas-chaudhary/", + "refsource": "MISC", + "url": "https://gkaim.com/cve-2018-15190-vikas-chaudhary/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15199.json b/2018/15xxx/CVE-2018-15199.json index 48281645c15..e9bdac54f70 100644 --- a/2018/15xxx/CVE-2018-15199.json +++ b/2018/15xxx/CVE-2018-15199.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/auracms/AuraCMS/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/auracms/AuraCMS/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/auracms/AuraCMS/issues/1", + "refsource": "MISC", + "url": "https://github.com/auracms/AuraCMS/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15424.json b/2018/15xxx/CVE-2018-15424.json index 80fee325e9f..0ee6ce30a39 100644 --- a/2018/15xxx/CVE-2018-15424.json +++ b/2018/15xxx/CVE-2018-15424.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15424", - "STATE" : "PUBLIC", - "TITLE" : "Multiple Vulnerabilities in Cisco Identity Services Engine" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "4.7", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15424", + "STATE": "PUBLIC", + "TITLE": "Multiple Vulnerabilities in Cisco Identity Services Engine" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Multiple Vulnerabilities in Cisco Identity Services Engine", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns" - }, - { - "name" : "1041792", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041792" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-ise-mult-vulns", - "defect" : [ - [ - "CSCvj62592", - "CSCvj62614" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 Multiple Vulnerabilities in Cisco Identity Services Engine", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns" + }, + { + "name": "1041792", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041792" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-ise-mult-vulns", + "defect": [ + [ + "CSCvj62592", + "CSCvj62614" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15494.json b/2018/15xxx/CVE-2018-15494.json index 269432334c1..d5940875c63 100644 --- a/2018/15xxx/CVE-2018-15494.json +++ b/2018/15xxx/CVE-2018-15494.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html" - }, - { - "name" : "https://dojotoolkit.org/blog/dojo-1-14-released", - "refsource" : "MISC", - "url" : "https://dojotoolkit.org/blog/dojo-1-14-released" - }, - { - "name" : "https://github.com/dojo/dojox/pull/283", - "refsource" : "MISC", - "url" : "https://github.com/dojo/dojox/pull/283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dojotoolkit.org/blog/dojo-1-14-released", + "refsource": "MISC", + "url": "https://dojotoolkit.org/blog/dojo-1-14-released" + }, + { + "name": "[debian-lts-announce] 20180903 [SECURITY] [DLA 1492-1] dojo security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00002.html" + }, + { + "name": "https://github.com/dojo/dojox/pull/283", + "refsource": "MISC", + "url": "https://github.com/dojo/dojox/pull/283" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8287.json b/2018/8xxx/CVE-2018-8287.json index 6a611e58ef4..68c38bc1024 100644 --- a/2018/8xxx/CVE-2018-8287.json +++ b/2018/8xxx/CVE-2018-8287.json @@ -1,188 +1,188 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287" - }, - { - "name" : "104634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104634" - }, - { - "name" : "1041256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041256" - }, - { - "name" : "1041258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041256" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287" + }, + { + "name": "104634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104634" + }, + { + "name": "1041258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041258" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8393.json b/2018/8xxx/CVE-2018-8393.json index 9621e4b9fd5..51ef0ebbf8b 100644 --- a/2018/8xxx/CVE-2018-8393.json +++ b/2018/8xxx/CVE-2018-8393.json @@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8393", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8393" - }, - { - "name" : "105214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105214" - }, - { - "name" : "1041625", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8393", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8393" + }, + { + "name": "105214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105214" + }, + { + "name": "1041625", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041625" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8667.json b/2018/8xxx/CVE-2018-8667.json index c0ad0ec82b3..5696f8f5f72 100644 --- a/2018/8xxx/CVE-2018-8667.json +++ b/2018/8xxx/CVE-2018-8667.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8667", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8667", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8753.json b/2018/8xxx/CVE-2018-8753.json index 5bd0ce42af9..82214535da0 100644 --- a/2018/8xxx/CVE-2018-8753.json +++ b/2018/8xxx/CVE-2018-8753.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html", - "refsource" : "MISC", - "url" : "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html" - }, - { - "name" : "https://www.clavister.com/advisories/security/clav-sa-0157-bleichenbacher-oracle-vulnerability-in-ikev1", - "refsource" : "CONFIRM", - "url" : "https://www.clavister.com/advisories/security/clav-sa-0157-bleichenbacher-oracle-vulnerability-in-ikev1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html", + "refsource": "MISC", + "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html" + }, + { + "name": "https://www.clavister.com/advisories/security/clav-sa-0157-bleichenbacher-oracle-vulnerability-in-ikev1", + "refsource": "CONFIRM", + "url": "https://www.clavister.com/advisories/security/clav-sa-0157-bleichenbacher-oracle-vulnerability-in-ikev1" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8855.json b/2018/8xxx/CVE-2018-8855.json index c1ab23040f4..af270bf8c7c 100644 --- a/2018/8xxx/CVE-2018-8855.json +++ b/2018/8xxx/CVE-2018-8855.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-19T00:00:00", - "ID" : "CVE-2018-8855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SmartServer 1", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - }, - { - "product_name" : "SmartServer 2", - "version" : { - "version_data" : [ - { - "version_value" : "all versions prior to release 4.11.007" - } - ] - } - }, - { - "product_name" : "i.LON 100", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - }, - { - "product_name" : "i.LON 600", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "Echelon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-19T00:00:00", + "ID": "CVE-2018-8855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SmartServer 1", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SmartServer 2", + "version": { + "version_data": [ + { + "version_value": "all versions prior to release 4.11.007" + } + ] + } + }, + { + "product_name": "i.LON 100", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "i.LON 600", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + }, + "vendor_name": "Echelon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03" + } + ] + } +} \ No newline at end of file