diff --git a/2002/2xxx/CVE-2002-2308.json b/2002/2xxx/CVE-2002-2308.json index b1a639e955f..bf0d1fb05cd 100644 --- a/2002/2xxx/CVE-2002-2308.json +++ b/2002/2xxx/CVE-2002-2308.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020720 Netscape Communicator META Refresh Denial of Service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000600.html" - }, - { - "name" : "netscape-meta-refresh-dos(9645)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9645.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references 
itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020720 Netscape Communicator META Refresh Denial of Service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000600.html" + }, + { + "name": "netscape-meta-refresh-dos(9645)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9645.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0052.json b/2005/0xxx/CVE-2005-0052.json index 418a6cde831..b12e7aa86b8 100644 --- a/2005/0xxx/CVE-2005-0052.json +++ b/2005/0xxx/CVE-2005-0052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0092.json b/2005/0xxx/CVE-2005-0092.json index a3a8f6d253b..6ca49820a41 100644 --- a/2005/0xxx/CVE-2005-0092.json +++ b/2005/0xxx/CVE-2005-0092.json 
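Review bot: The rewritten CVE-2002-2308.json now ends without a trailing newline: the closing `+}` is followed by `\ No newline at end of file`, whereas the old side ended with one. The rest of the hunk only changes `"key" : value` spacing and indentation, so this is the one byte-level change a consumer could notice. Line-oriented tools and any later append will show a spurious change on the last line. Keeping the final newline after `}` avoids that. The same marker follows every other file section visible on this page (CVE-2005-0052 through CVE-2005-1971).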
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2005:092", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-092.html" - }, - { - "name" : "12599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12599" - }, - { - "name" : "oval:org.mitre.oval:def:11647", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11647" - }, - { - "name" : "red-hat-patch-dos(20620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the Red 
Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12599" + }, + { + "name": "red-hat-patch-dos(20620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20620" + }, + { + "name": "RHSA-2005:092", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-092.html" + }, + { + "name": "oval:org.mitre.oval:def:11647", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11647" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0173.json b/2005/0xxx/CVE-2005-0173.json index b6b4a805100..903ca7583c5 100644 --- a/2005/0xxx/CVE-2005-0173.json +++ b/2005/0xxx/CVE-2005-0173.json 
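Review bot: The `reference_data` array in CVE-2005-0092.json comes out in a different order (BID, XF, REDHAT, OVAL instead of REDHAT, BID, OVAL, XF) although no entry's content changes, so a formatting-only rewrite reads as a reference change. The new order follows no visible key, which suggests the writer emits entries in an unstable order; sorting by `refsource` and then `name` before serialising would keep later diffs reviewable. Consumers of these records should match references by `name` or `url`, never by position. The CVE-2005-0173, CVE-2005-0700 and CVE-2005-1431 sections reorder their references in the same way.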
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces" - }, - { - "name" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187" - }, - { - "name" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch" - }, - { - "name" : "CLA-2005:923", - "refsource" : "CONECTIVA", - "url" : 
"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923" - }, - { - "name" : "DSA-667", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-667" - }, - { - "name" : "FLSA-2006:152809", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "MDKSA-2005:034", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034" - }, - { - "name" : "RHSA-2005:060", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-060.html" - }, - { - "name" : "RHSA-2005:061", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-061.html" - }, - { - "name" : "SUSE-SA:2005:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_06_squid.html" - }, - { - "name" : "VU#924198", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/924198" - }, - { - "name" : "20050207 [USN-77-1] Squid vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110780531820947&w=2" - }, - { - "name" : "12431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12431" - }, - { - "name" : "oval:org.mitre.oval:def:10251", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2005:923", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923" + }, + { + "name": "VU#924198", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/924198" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch" + }, + { + "name": "12431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12431" + }, + { + "name": "oval:org.mitre.oval:def:10251", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10251" + }, + { + "name": "FLSA-2006:152809", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces" + }, + { + "name": "RHSA-2005:061", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-061.html" + }, + { + "name": "MDKSA-2005:034", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034" + }, + { + "name": "DSA-667", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-667" + }, + { + "name": "20050207 [USN-77-1] Squid vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110780531820947&w=2" + }, + { + "name": "SUSE-SA:2005:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html" + }, + { + "name": "RHSA-2005:060", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2005-060.html" + }, + { + "name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1187" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0700.json b/2005/0xxx/CVE-2005-0700.json index 96a53d013ea..c97db7deebb 100644 --- a/2005/0xxx/CVE-2005-0700.json +++ b/2005/0xxx/CVE-2005-0700.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.frsirt.com/exploits/20050307.aztek.c.php", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/exploits/20050307.aztek.c.php" - }, - { - "name" : "12745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12745" + }, + { + "name": "http://www.frsirt.com/exploits/20050307.aztek.c.php", + "refsource": "MISC", + "url": "http://www.frsirt.com/exploits/20050307.aztek.c.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1242.json b/2005/1xxx/CVE-2005-1242.json index df72f8f392b..6b4452e3907 100644 --- a/2005/1xxx/CVE-2005-1242.json +++ b/2005/1xxx/CVE-2005-1242.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via \"..\" sequences in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050420 Canonicalization and directory traversal in iSeries FTP security products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/396628" - }, - { - "name" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf", - "refsource" : "MISC", - "url" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf" - }, - { - "name" : "multiple-vendor-security-bypass(20260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via \"..\" sequences in a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050420 Canonicalization and directory traversal in iSeries FTP security products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/396628" + }, + { + "name": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf", + "refsource": "MISC", + "url": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf" + }, + { + "name": "multiple-vendor-security-bypass(20260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1243.json b/2005/1xxx/CVE-2005-1243.json index 7477c176cfd..162212be76d 100644 --- a/2005/1xxx/CVE-2005-1243.json +++ b/2005/1xxx/CVE-2005-1243.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via \"..\" sequences in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050420 Canonicalization and directory traversal in iSeries FTP security products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/396628" - }, - { - "name" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf", - "refsource" : "MISC", - "url" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf" - }, - { - "name" : "multiple-vendor-security-bypass(20260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via \"..\" sequences in a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050420 Canonicalization and directory traversal in iSeries FTP security products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/396628" + }, + { + "name": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf", + "refsource": "MISC", + "url": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf" + }, + { + "name": "multiple-vendor-security-bypass(20260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1334.json b/2005/1xxx/CVE-2005-1334.json index 03efcc2c6a8..a9670a9b135 100644 --- a/2005/1xxx/CVE-2005-1334.json +++ b/2005/1xxx/CVE-2005-1334.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1334", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1579. Reason: This candidate is a duplicate of CVE-2005-1579. Notes: All CVE users should reference CVE-2005-1579 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1334", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1579. Reason: This candidate is a duplicate of CVE-2005-1579. Notes: All CVE users should reference CVE-2005-1579 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1431.json b/2005/1xxx/CVE-2005-1431.json index 2a4df4738f9..d086f504b4a 100644 --- a/2005/1xxx/CVE-2005-1431.json +++ b/2005/1xxx/CVE-2005-1431.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25 ", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" - }, - { - "name" : "RHSA-2005:430", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-430.html" - }, - { - "name" : "13477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13477" - }, - { - "name" : "16054", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16054" - }, - { - "name" : "oval:org.mitre.oval:def:9238", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238" - }, - { - "name" : "1013861", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1013861" - }, - { - "name" : "15193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15193" - }, - { - "name" : "gnutls-record-parsing-dos(20328)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"record packet parsing\" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15193" + }, + { + "name": "RHSA-2005:430", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-430.html" + }, + { + "name": "16054", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16054" + }, + { + "name": "13477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13477" + }, + { + "name": "gnutls-record-parsing-dos(20328)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20328" + }, + { + "name": "oval:org.mitre.oval:def:9238", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9238" + }, + { + "refsource": "MLIST", + "name": "[gnutls-dev] 20050428 GnuTLS 1.2.3 and 1.0.25", + "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html" + }, + { + "name": "1013861", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013861" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1680.json b/2005/1xxx/CVE-2005-1680.json index 3f06e47dc6c..c4bbee64f56 100644 
--- a/2005/1xxx/CVE-2005-1680.json +++ b/2005/1xxx/CVE-2005-1680.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in /var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050519 D-Link DSL routers authentication bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111652806030943&w=2" - }, - { - "name" : "ADV-2005-0573", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when /cgi-bin/firmwarecfg is executed, allows remote attackers to bypass authentication (1) if their IP address already exists in 
/var/tmp/fw_ip or (2) if their request is the first, which causes /var/tmp/fw_ip to be created and contain their IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050519 D-Link DSL routers authentication bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111652806030943&w=2" + }, + { + "name": "ADV-2005-0573", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0573" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1971.json b/2005/1xxx/CVE-2005-1971.json index 3d45e4f20ff..4f5acac86bb 100644 --- a/2005/1xxx/CVE-2005-1971.json +++ b/2005/1xxx/CVE-2005-1971.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via \"..\" sequences in the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00081-06132005", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00081-06132005" - }, - { - "name" : "http://www.interactivephp.com/misc/CHANGELOG.html", - "refsource" : "CONFIRM", - "url" : "http://www.interactivephp.com/misc/CHANGELOG.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via \"..\" sequences in the language parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gulftech.org/?node=research&article_id=00081-06132005", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00081-06132005" + }, + { + "name": "http://www.interactivephp.com/misc/CHANGELOG.html", + "refsource": "CONFIRM", + "url": "http://www.interactivephp.com/misc/CHANGELOG.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4876.json b/2005/4xxx/CVE-2005-4876.json index e6d33964208..8229403188d 100644 --- a/2005/4xxx/CVE-2005-4876.json +++ b/2005/4xxx/CVE-2005-4876.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.igniterealtime.org/issues/browse/JM-430", - "refsource" : "CONFIRM", - "url" : "http://www.igniterealtime.org/issues/browse/JM-430" - }, - { - "name" : "openfire-username-xss(44689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other 
versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openfire-username-xss(44689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44689" + }, + { + "name": "http://www.igniterealtime.org/issues/browse/JM-430", + "refsource": "CONFIRM", + "url": "http://www.igniterealtime.org/issues/browse/JM-430" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0261.json b/2009/0xxx/CVE-2009-0261.json index 96c322c96ef..18b706f5976 100644 --- a/2009/0xxx/CVE-2009-0261.json +++ b/2009/0xxx/CVE-2009-0261.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\\DefaultSkin\\DefaultSkin.ini file with a large ColumnHeaderSpan value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7839", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7839" - }, - { - "name" : "33373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33373" - }, - { - "name" : "totalvideoplayer-defaultskin-bo(48140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\\DefaultSkin\\DefaultSkin.ini file with a large 
ColumnHeaderSpan value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7839", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7839" + }, + { + "name": "33373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33373" + }, + { + "name": "totalvideoplayer-defaultskin-bo(48140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48140" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0556.json b/2009/0xxx/CVE-2009-0556.json index fbb130fc909..79ae22a316e 100644 --- a/2009/0xxx/CVE-2009-0556.json +++ b/2009/0xxx/CVE-2009-0556.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503453/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-019", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-019" - }, - { - "name" : "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx", - "refsource" : "CONFIRM", - 
"url" : "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx" - }, - { - "name" : "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/969136.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/969136.mspx" - }, - { - "name" : "MS09-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" - }, - { - "name" : "TA09-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" - }, - { - "name" : "VU#627331", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/627331" - }, - { - "name" : "34351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34351" - }, - { - "name" : "53182", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53182" - }, - { - "name" : "oval:org.mitre.oval:def:6204", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204" - }, - { - "name" : "oval:org.mitre.oval:def:6279", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279" - }, - { - "name" : "1021967", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021967" - }, - { - "name" : "34572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34572" - }, - { - "name" : "ADV-2009-0915", - "refsource" : "VUPEN", - "url" 
: "http://www.vupen.com/english/advisories/2009/0915" - }, - { - "name" : "ADV-2009-1290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1290" - }, - { - "name" : "powerpoint-unspecified-code-execution(49632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka \"Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-019", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-019" + }, + { + "name": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx" + }, + { + "name": "ADV-2009-1290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1290" + }, + { + "name": "53182", + "refsource": "OSVDB", + "url": "http://osvdb.org/53182" + }, + { + "name": "MS09-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" + }, + { + "name": "powerpoint-unspecified-code-execution(49632)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/49632" + }, + { + "name": "34351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34351" + }, + { + "name": "ADV-2009-0915", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0915" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2009/04/02/microsoft-security-advisory-969136.aspx" + }, + { + "name": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx" + }, + { + "name": "oval:org.mitre.oval:def:6279", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6279" + }, + { + "name": "34572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34572" + }, + { + "name": "1021967", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021967" + }, + { + "name": "TA09-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/969136.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/969136.mspx" + }, + { + "name": "VU#627331", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/627331" + }, + { + "name": "20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503453/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:6204", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6204" + } + ] + } +} \ No newline at 
end of file diff --git a/2009/0xxx/CVE-2009-0609.json b/2009/0xxx/CVE-2009-0609.json index 17fd5fa9dd2..ebbb90da913 100644 --- a/2009/0xxx/CVE-2009-0609.json +++ b/2009/0xxx/CVE-2009-0609.json 
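Review bot: The `ASSIGNER` value on the new side of the CVE-2009-0556 hunk changes from `cve@mitre.org` to `secure@microsoft.com`, a provenance change carried inside a hunk that otherwise only re-spaces `"key" : value` to `"key": value` and reorders `reference_data`. Any consumer that uses `ASSIGNER` to attribute a record to its CNA would see a different owner after what reads as a formatting commit, so this change is worth its own commit or at least a line in the commit message. The same `ASSIGNER` change appears in the hunk for `2009/1xxx/CVE-2009-1133.json`. Because the 18 reference entries are also reordered here, the reliable way to confirm none was dropped or altered is to compare the set of `url` values before and after instead of reading the diff; the two sets appear to match in this hunk.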
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125276-08-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125276-08-1" - }, - { - "name" : "251086", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251086-1" - }, - { - "name" : "33761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33761" - }, - { - "name" : "33923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33761" + }, + { + "name": "251086", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251086-1" + }, + { + "name": "33923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33923" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125276-08-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125276-08-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0661.json b/2009/0xxx/CVE-2009-0661.json index 783a0561a09..3d25a4e3276 100644 --- a/2009/0xxx/CVE-2009-0661.json +++ b/2009/0xxx/CVE-2009-0661.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/17/8" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940" - }, - { - "name" : "http://savannah.nongnu.org/bugs/index.php?25862", - "refsource" : "CONFIRM", - "url" : "http://savannah.nongnu.org/bugs/index.php?25862" - }, - { - "name" : "http://weechat.flashtux.org/", - "refsource" : "CONFIRM", - "url" : "http://weechat.flashtux.org/" - }, - { - "name" : "DSA-1744", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2009/dsa-1744" - }, - { - "name" : "34148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34148" - }, - { - "name" : "52763", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52763" - }, - { - "name" : "34304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34304" - }, - { - "name" : "34328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34328" - }, - { - "name" : "ADV-2009-0758", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0758" - }, - { - "name" : "weechat-ircmessage-dos(49295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://savannah.nongnu.org/bugs/index.php?25862", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/bugs/index.php?25862" + }, + { + "name": "34148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34148" + }, + { + "name": "34304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34304" + }, + { + "name": "http://weechat.flashtux.org/", + "refsource": "CONFIRM", + "url": "http://weechat.flashtux.org/" + }, + { + "name": "52763", + "refsource": "OSVDB", + "url": "http://osvdb.org/52763" + }, + { + "name": "ADV-2009-0758", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0758" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940" + }, + { + "name": "DSA-1744", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1744" + }, + { + "name": "weechat-ircmessage-dos(49295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295" + }, + { + "name": "34328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34328" + }, + { + "name": "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/17/8" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0767.json b/2009/0xxx/CVE-2009-0767.json index 99d86f282f0..3f7fbd84017 100644 --- a/2009/0xxx/CVE-2009-0767.json +++ b/2009/0xxx/CVE-2009-0767.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7993", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7993" - }, - { - "name" : "33832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33832" + }, + { + "name": "7993", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7993" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1029.json b/2009/1xxx/CVE-2009-1029.json index 508d1720165..790f2a53d76 100644 --- a/2009/1xxx/CVE-2009-1029.json +++ b/2009/1xxx/CVE-2009-1029.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090312 POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501701/100/0/threaded" - }, - { - "name" : "8203", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8203" - }, - { - "name" : "http://www.krakowlabs.com/res/adv/KL0309ADV-poppeeper_date-bof.txt", - "refsource" : "MISC", - "url" : "http://www.krakowlabs.com/res/adv/KL0309ADV-poppeeper_date-bof.txt" - }, - { - "name" : "34093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34093" - }, - { - "name" : "34077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34077" - }, - { - "name" : "poppeeper-date-bo(49215)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/49215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34093" + }, + { + "name": "http://www.krakowlabs.com/res/adv/KL0309ADV-poppeeper_date-bof.txt", + "refsource": "MISC", + "url": "http://www.krakowlabs.com/res/adv/KL0309ADV-poppeeper_date-bof.txt" + }, + { + "name": "8203", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8203" + }, + { + "name": "20090312 POP Peeper 3.4.0.0 Date Remote Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501701/100/0/threaded" + }, + { + "name": "34077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34077" + }, + { + "name": "poppeeper-date-bo(49215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49215" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1133.json b/2009/1xxx/CVE-2009-1133.json index 6fecc43352d..b99e3fdd03d 100644 --- a/2009/1xxx/CVE-2009-1133.json +++ b/2009/1xxx/CVE-2009-1133.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka \"Remote Desktop Connection Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044" - }, - { - "name" : "TA09-223A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5693", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5693" - }, - { - "name" : "1022709", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022709" - }, - { - "name" : "36229", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/36229" - }, - { - "name" : "ADV-2009-2238", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka \"Remote Desktop Connection Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022709", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022709" + }, + { + "name": "TA09-223A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" + }, + { + "name": "oval:org.mitre.oval:def:5693", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5693" + }, + { + "name": "ADV-2009-2238", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2238" + }, + { + "name": "36229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36229" + }, + { + "name": "MS09-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1360.json b/2009/1xxx/CVE-2009-1360.json index 2865b21e787..f774cbd922c 100644 --- a/2009/1xxx/CVE-2009-1360.json +++ b/2009/1xxx/CVE-2009-1360.json 
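Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` at the top of this hunk, a change of record content inside what is otherwise a spacing and ordering rewrite. The same kind of change appears in CVE-2009-1536 (`secure@microsoft.com`), CVE-2012-2292 (`security_alert@emc.com`), and CVE-2012-2783 and CVE-2012-2803 (`security@google.com`), the last two being FFmpeg and Libav entries. The field names the party that assigned the entry, so any consumer that filters or routes records by it will see a different value after this commit. The hunks give no reason for the change, and it would be easier to audit as its own commit, separate from the formatting pass.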
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xorl.wordpress.com/2009/04/21/linux-kernel-net_ns-ipv6-null-pointer-dereference/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2009/04/21/linux-kernel-net_ns-ipv6-null-pointer-dereference/" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f53a38131a4e7a053c0aa060aba0411242fb6b9", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f53a38131a4e7a053c0aa060aba0411242fb6b9" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29" - }, - { - "name" : "MDVSA-2009:135", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135" - }, - { - "name" : "SUSE-SA:2009:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html" - }, - { - "name" : "USN-793-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-793-1" - }, - { - "name" : "34602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34602" - }, - { - "name" : "35387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35387" - }, - { - "name" : "35656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:135", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135" + }, + { + "name": "SUSE-SA:2009:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html" + }, + { + "name": "35656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35656" + }, + { + "name": "34602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34602" + }, + { + "name": "USN-793-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-793-1" + }, + { + "name": "http://xorl.wordpress.com/2009/04/21/linux-kernel-net_ns-ipv6-null-pointer-dereference/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2009/04/21/linux-kernel-net_ns-ipv6-null-pointer-dereference/" + }, + { + "name": "35387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35387" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f53a38131a4e7a053c0aa060aba0411242fb6b9", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f53a38131a4e7a053c0aa060aba0411242fb6b9" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1450.json b/2009/1xxx/CVE-2009-1450.json index 7d1c01da829..318f9deb767 100644 --- a/2009/1xxx/CVE-2009-1450.json +++ b/2009/1xxx/CVE-2009-1450.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7936", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7936", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7936" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1536.json b/2009/1xxx/CVE-2009-1536.json index 55f00ebdc29..484a476cb2f 100644 --- a/2009/1xxx/CVE-2009-1536.json +++ b/2009/1xxx/CVE-2009-1536.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka \"Remote Unauthenticated Denial of Service in ASP.NET Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx" - }, - { - "name" : "MS09-036", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036" - }, - { - "name" : "TA09-223A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" - }, - { - "name" : "35985", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/35985" - }, - { - "name" : "56905", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56905" - }, - { - "name" : "oval:org.mitre.oval:def:6393", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393" - }, - { - "name" : "1022715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022715" - }, - { - "name" : "36127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36127" - }, - { - "name" : "ADV-2009-2231", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka \"Remote Unauthenticated Denial of Service in ASP.NET Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6393", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6393" + }, + { + "name": "TA09-223A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" + }, + { + "name": "ADV-2009-2231", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2231" + }, + { + "name": "36127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36127" + }, + { + "name": 
"http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx" + }, + { + "name": "MS09-036", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036" + }, + { + "name": "1022715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022715" + }, + { + "name": "56905", + "refsource": "OSVDB", + "url": "http://osvdb.org/56905" + }, + { + "name": "35985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35985" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1813.json b/2009/1xxx/CVE-2009-1813.json index 24d997f520f..61a913b0df2 100644 --- a/2009/1xxx/CVE-2009-1813.json +++ b/2009/1xxx/CVE-2009-1813.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8683", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8683" - }, - { - "name" : "34970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34970" - }, - { - "name" : "54475", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54475" - }, - { - "name" : "35088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35088" - }, - { - "name" : "ADV-2009-1327", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1327" - }, - { - "name" : "submitterscript-index-sql-injection(50552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50552" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1327", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1327" + }, + { + "name": "8683", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8683" + }, + { + "name": "54475", + "refsource": "OSVDB", + "url": "http://osvdb.org/54475" + }, + { + "name": "34970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34970" + }, + { + "name": "35088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35088" + }, + { + "name": "submitterscript-index-sql-injection(50552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50552" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4860.json b/2009/4xxx/CVE-2009-4860.json index 819e7ee5d09..860c5a0aa28 100644 --- a/2009/4xxx/CVE-2009-4860.json +++ b/2009/4xxx/CVE-2009-4860.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9390", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9390", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9390" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/2xxx/CVE-2012-2292.json b/2012/2xxx/CVE-2012-2292.json index 07be331c939..0491d3d9bb9 100644 --- a/2012/2xxx/CVE-2012-2292.json +++ b/2012/2xxx/CVE-2012-2292.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-2292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2547.json b/2012/2xxx/CVE-2012-2547.json index 07b61f8caf9..0b6184cd2fa 100644 --- a/2012/2xxx/CVE-2012-2547.json +++ b/2012/2xxx/CVE-2012-2547.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2547", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2547", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2783.json b/2012/2xxx/CVE-2012-2783.json index 283d6c60486..770fc64bee7 100644 --- a/2012/2xxx/CVE-2012-2783.json +++ b/2012/2xxx/CVE-2012-2783.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to \"freeing the returned frame.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d85b3c4fff4c4b255232fcc01edbd57f19d60998", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d85b3c4fff4c4b255232fcc01edbd57f19d60998" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.5.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.5.changelog" - }, - { - "name" : "USN-1705-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1705-1" - }, - { - "name" : "USN-1706-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1706-1" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to \"freeing the returned frame.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://libav.org/releases/libav-0.8.5.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.5.changelog" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d85b3c4fff4c4b255232fcc01edbd57f19d60998", + "refsource": "CONFIRM", + "url": 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d85b3c4fff4c4b255232fcc01edbd57f19d60998" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "USN-1706-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1706-1" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "USN-1705-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1705-1" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2803.json b/2012/2xxx/CVE-2012-2803.json index 7b8cd70f3e7..fedbc34e005 100644 --- a/2012/2xxx/CVE-2012-2803.json +++ b/2012/2xxx/CVE-2012-2803.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a" - }, - { - "name" : "http://libav.org/releases/libav-0.7.7.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.7.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.8.5.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.8.5.changelog" - }, - { - "name" : "USN-1705-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1705-1" - }, - { - "name" : "USN-1706-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1706-1" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://libav.org/releases/libav-0.8.5.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.8.5.changelog" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "USN-1706-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1706-1" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://libav.org/releases/libav-0.7.7.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.7.changelog" + }, + { + "name": "USN-1705-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1705-1" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3100.json b/2012/3xxx/CVE-2012-3100.json index bf24d228883..f9c99c222b7 100644 --- a/2012/3xxx/CVE-2012-3100.json +++ b/2012/3xxx/CVE-2012-3100.json 
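Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `security@google.com`, while every other line is only re-spaced or, inside `reference_data`, re-ordered, so the one semantic change is easy to miss among 107 lines of formatting churn. ASSIGNER names the party the record is attributed to, so anything that filters, routes or trusts records by that field will see a different owner after this commit. The same thing happens in CVE-2012-6107 (`"ASSIGNER": "secalert@redhat.com"`) and CVE-2015-5848 (`"ASSIGNER": "product-security@apple.com"`). If the reassignment is intended, it would be better carried in a commit of its own, or at least named in the commit message (not visible here), so the attribution change can be audited separately from the whitespace pass.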
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3232.json b/2012/3xxx/CVE-2012-3232.json index 94ab452080c..0b175efb099 100644 --- a/2012/3xxx/CVE-2012-3232.json +++ b/2012/3xxx/CVE-2012-3232.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23094", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23094" - }, - { - "name" : "54109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54109" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23094", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23094" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3794.json b/2012/3xxx/CVE-2012-3794.json index 6955ce8b1c3..a496f3a168f 100644 --- a/2012/3xxx/CVE-2012-3794.json +++ b/2012/3xxx/CVE-2012-3794.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.org/adv/proservrex_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/proservrex_1-adv.txt" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" - }, - { - "name" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", - "refsource" : "CONFIRM", - "url" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" - }, - { - "name" : "https://www.hmisource.com/otasuke/news/2012/0606.html", - "refsource" : 
"CONFIRM", - "url" : "https://www.hmisource.com/otasuke/news/2012/0606.html" - }, - { - "name" : "53499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53499" - }, - { - "name" : "49172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49172" - }, - { - "name" : "proserverex-exception-dos(75551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.hmisource.com/otasuke/news/2012/0606.html", + "refsource": "CONFIRM", + "url": "https://www.hmisource.com/otasuke/news/2012/0606.html" + }, + { + "name": "proserverex-exception-dos(75551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75551" + }, + { + "name": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", + "refsource": "CONFIRM", + "url": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" + }, + { + "name": "http://aluigi.org/adv/proservrex_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/proservrex_1-adv.txt" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" + }, + { + "name": "53499", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/53499" + }, + { + "name": "49172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49172" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3871.json b/2012/3xxx/CVE-2012-3871.json index dd2ef8da247..0130b884eae 100644 --- a/2012/3xxx/CVE-2012-3871.json +++ b/2012/3xxx/CVE-2012-3871.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/115285/Openconstructor-CMS-3.12.0-i_hybrid.php-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/115285/Openconstructor-CMS-3.12.0-i_hybrid.php-XSS.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/115285/Openconstructor-CMS-3.12.0-i_hybrid.php-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/115285/Openconstructor-CMS-3.12.0-i_hybrid.php-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6107.json b/2012/6xxx/CVE-2012-6107.json index e4f01ef2fbf..37751738f5d 100644 --- a/2012/6xxx/CVE-2012-6107.json +++ b/2012/6xxx/CVE-2012-6107.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[axis-c-dev] 20130107 JIRA AXIS2C-1619 SSL/TLS hostname validation", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser" - }, - { - "name" : "https://issues.apache.org/jira/browse/AXIS2C-1619", - "refsource" : "MISC", - "url" : "https://issues.apache.org/jira/browse/AXIS2C-1619" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=894372", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=894372" - }, - { - "name" : "57267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57267" - }, - { - "name" : "axis2c-ssl-spoofing(81211)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/AXIS2C-1619", + "refsource": "MISC", + "url": "https://issues.apache.org/jira/browse/AXIS2C-1619" + }, + { + "name": "[axis-c-dev] 20130107 JIRA AXIS2C-1619 SSL/TLS hostname validation", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser" + }, + { + "name": "57267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57267" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=894372", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894372" + }, + { + "name": "axis2c-ssl-spoofing(81211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81211" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5460.json b/2015/5xxx/CVE-2015-5460.json index 2af767d41f2..8db058f1800 100644 --- a/2015/5xxx/CVE-2015-5460.json +++ b/2015/5xxx/CVE-2015-5460.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150703 Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535930/100/0/threaded" - }, - { - "name" : "20150703 Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/15" - }, - { - "name" : "http://packetstormsecurity.com/files/132552/Snorby-2.6.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132552/Snorby-2.6.2-Cross-Site-Scripting.html" - }, - { - "name" : "https://github.com/Snorby/snorby/commit/89d7cbcd3697c8a842f1a61b99e9a78f295798fb", - "refsource" : "CONFIRM", - "url" 
: "https://github.com/Snorby/snorby/commit/89d7cbcd3697c8a842f1a61b99e9a78f295798fb" - }, - { - "name" : "https://github.com/Snorby/snorby/issues/377", - "refsource" : "CONFIRM", - "url" : "https://github.com/Snorby/snorby/issues/377" - }, - { - "name" : "75561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Snorby/snorby/commit/89d7cbcd3697c8a842f1a61b99e9a78f295798fb", + "refsource": "CONFIRM", + "url": "https://github.com/Snorby/snorby/commit/89d7cbcd3697c8a842f1a61b99e9a78f295798fb" + }, + { + "name": "20150703 Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535930/100/0/threaded" + }, + { + "name": "75561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75561" + }, + { + "name": "http://packetstormsecurity.com/files/132552/Snorby-2.6.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132552/Snorby-2.6.2-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/Snorby/snorby/issues/377", + "refsource": "CONFIRM", + "url": "https://github.com/Snorby/snorby/issues/377" + }, + { + "name": "20150703 Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/15" + } + ] + } +} \ No newline at end of file 
diff --git a/2015/5xxx/CVE-2015-5848.json b/2015/5xxx/CVE-2015-5848.json index 918282b2234..72af275a077 100644 --- a/2015/5xxx/CVE-2015-5848.json +++ b/2015/5xxx/CVE-2015-5848.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2085.json b/2017/2xxx/CVE-2017-2085.json index 736d1fad698..6faacafb002 100644 --- a/2017/2xxx/CVE-2017-2085.json +++ b/2017/2xxx/CVE-2017-2085.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2085", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2085", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11350.json b/2018/11xxx/CVE-2018-11350.json index 7627dd8313f..0029935ca92 100644 --- a/2018/11xxx/CVE-2018-11350.json +++ b/2018/11xxx/CVE-2018-11350.json 
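Review bot: The new side of this record is serialised with a different key order from the other files in the commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the neighbouring records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but a second ordering suggests this file came through a different writer, and it makes later diffs and any hash-based change detection noisier. Emitting all records through one serialiser with a fixed key order would avoid that. The new side also ends with `\ No newline at end of file`, like the other files here; keeping the trailing newline after the closing `}` would match the old side.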
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Jirafeau before 3.4.1. The file \"search by name\" form is affected by one Cross-Site Scripting vulnerability via the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Jirafeau before 3.4.1. The file \"search by name\" form is affected by one Cross-Site Scripting vulnerability via the name parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11382.json b/2018/11xxx/CVE-2018-11382.json index 694ec184d8c..85ca693a3c1 100644 --- a/2018/11xxx/CVE-2018-11382.json +++ b/2018/11xxx/CVE-2018-11382.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11382",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11382",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff",
- "refsource" : "MISC",
- "url" : "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff"
- },
- {
- "name" : "https://github.com/radare/radare2/issues/10091",
- "refsource" : "MISC",
- "url" : "https://github.com/radare/radare2/issues/10091"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/radare/radare2/issues/10091",
+ "refsource": "MISC",
+ "url": "https://github.com/radare/radare2/issues/10091"
+ },
+ {
+ "name": "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff",
+ "refsource": "MISC",
+ "url": "https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11594.json b/2018/11xxx/CVE-2018-11594.json
index 52c92705885..fe792aa74ef 100644
--- a/2018/11xxx/CVE-2018-11594.json
+++ b/2018/11xxx/CVE-2018-11594.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11594",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of \"VOID\" tokens in jsparse.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11594",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/espruino/Espruino/commit/c36d30529118aa049797db43f111ddad468aad29",
- "refsource" : "MISC",
- "url" : "https://github.com/espruino/Espruino/commit/c36d30529118aa049797db43f111ddad468aad29"
- },
- {
- "name" : "https://github.com/espruino/Espruino/files/2022588/input.txt",
- "refsource" : "MISC",
- "url" : "https://github.com/espruino/Espruino/files/2022588/input.txt"
- },
- {
- "name" : "https://github.com/espruino/Espruino/issues/1434",
- "refsource" : "MISC",
- "url" : "https://github.com/espruino/Espruino/issues/1434"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Espruino 
before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of \"VOID\" tokens in jsparse.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/espruino/Espruino/issues/1434",
+ "refsource": "MISC",
+ "url": "https://github.com/espruino/Espruino/issues/1434"
+ },
+ {
+ "name": "https://github.com/espruino/Espruino/files/2022588/input.txt",
+ "refsource": "MISC",
+ "url": "https://github.com/espruino/Espruino/files/2022588/input.txt"
+ },
+ {
+ "name": "https://github.com/espruino/Espruino/commit/c36d30529118aa049797db43f111ddad468aad29",
+ "refsource": "MISC",
+ "url": "https://github.com/espruino/Espruino/commit/c36d30529118aa049797db43f111ddad468aad29"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11841.json b/2018/11xxx/CVE-2018-11841.json
index 2b797cd5894..cd5eddcdc7c 100644
--- a/2018/11xxx/CVE-2018-11841.json
+++ b/2018/11xxx/CVE-2018-11841.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11841",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11841",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14609.json b/2018/14xxx/CVE-2018-14609.json
index c25233fff98..ad5feaf6342 100644
--- a/2018/14xxx/CVE-2018-14609.json
+++ b/2018/14xxx/CVE-2018-14609.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14609",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14609",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
- },
- {
- "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=199833",
- "refsource" : "MISC",
- "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=199833"
- },
- {
- "name" : "https://patchwork.kernel.org/patch/10500521/",
- "refsource" : "MISC",
- "url" : "https://patchwork.kernel.org/patch/10500521/"
- },
- {
- "name" : "DSA-4308",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4308"
- },
- {
- "name" : "USN-3821-1",
- "refsource" 
: "UBUNTU",
- "url" : "https://usn.ubuntu.com/3821-1/"
- },
- {
- "name" : "USN-3821-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3821-2/"
- },
- {
- "name" : "104917",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104917"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3821-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3821-1/"
+ },
+ {
+ "name": "104917",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104917"
+ },
+ {
+ "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
+ },
+ {
+ "name": "https://patchwork.kernel.org/patch/10500521/",
+ "refsource": "MISC",
+ "url": "https://patchwork.kernel.org/patch/10500521/"
+ },
+ {
+ "name": "USN-3821-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3821-2/"
+ },
+ {
+ "name": "DSA-4308",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4308"
+ },
+ {
+ "name": "https://bugzilla.kernel.org/show_bug.cgi?id=199833",
+ "refsource": "MISC",
+ "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199833"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15272.json b/2018/15xxx/CVE-2018-15272.json
index 7d155f21d90..8cbadffebd4 100644
--- a/2018/15xxx/CVE-2018-15272.json
+++ b/2018/15xxx/CVE-2018-15272.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15272",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15272",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15528.json b/2018/15xxx/CVE-2018-15528.json
index 3a4ed1eccd4..387595b4042 100644
--- a/2018/15xxx/CVE-2018-15528.json
+++ b/2018/15xxx/CVE-2018-15528.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15528",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the \"select_sso()\" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the \"Login\" button."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15528",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20180820 [CVE-2018-15528] Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT",
- "refsource" : "BUGTRAQ",
- "url" : "http://seclists.org/bugtraq/2018/Aug/41"
- },
- {
- "name" : "http://packetstormsecurity.com/files/149007/BMC-MyIT-Java-System-Solutions-SSO-Plugin-4.0.13.1-Cross-Site-Scripting.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/149007/BMC-MyIT-Java-System-Solutions-SSO-Plugin-4.0.13.1-Cross-Site-Scripting.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ 
"description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the \"select_sso()\" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the \"Login\" button."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/149007/BMC-MyIT-Java-System-Solutions-SSO-Plugin-4.0.13.1-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/149007/BMC-MyIT-Java-System-Solutions-SSO-Plugin-4.0.13.1-Cross-Site-Scripting.html"
+ },
+ {
+ "name": "20180820 [CVE-2018-15528] Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT",
+ "refsource": "BUGTRAQ",
+ "url": "http://seclists.org/bugtraq/2018/Aug/41"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15808.json b/2018/15xxx/CVE-2018-15808.json
index 4eddb43775e..f27e0a9fd3c 100644
--- a/2018/15xxx/CVE-2018-15808.json
+++ b/2018/15xxx/CVE-2018-15808.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15808",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "POSIM EVO 15.13 for Windows includes hardcoded database credentials for the \"root\" database user. \"root\" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15808",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://versprite.com/advisories/posim-evo-for-windows-2/",
- "refsource" : "MISC",
- "url" : "https://versprite.com/advisories/posim-evo-for-windows-2/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "POSIM EVO 15.13 for Windows includes hardcoded database credentials for the \"root\" database user. \"root\" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://versprite.com/advisories/posim-evo-for-windows-2/",
+ "refsource": "MISC",
+ "url": "https://versprite.com/advisories/posim-evo-for-windows-2/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15818.json b/2018/15xxx/CVE-2018-15818.json
index b147beb6665..60222b88cb1 100644
--- a/2018/15xxx/CVE-2018-15818.json
+++ b/2018/15xxx/CVE-2018-15818.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15818",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15818",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15979.json b/2018/15xxx/CVE-2018-15979.json
index 1a34e34f0c6..9368b58c674 100644
--- a/2018/15xxx/CVE-2018-15979.json
+++ b/2018/15xxx/CVE-2018-15979.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-15979",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Adobe"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "NTLM SSO hash theft"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-15979",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-40.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-40.html"
- },
- {
- "name" : "105907",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105907"
- },
- {
- "name" : "1042099",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1042099"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ 
"data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "NTLM SSO hash theft"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-40.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-40.html"
+ },
+ {
+ "name": "105907",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105907"
+ },
+ {
+ "name": "1042099",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1042099"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3070.json b/2018/3xxx/CVE-2018-3070.json
index 81ae31618b7..d7bcd9692ef 100644
--- a/2018/3xxx/CVE-2018-3070.json
+++ b/2018/3xxx/CVE-2018-3070.json
@@ -1,106 +1,106 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2018-3070",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "MySQL Server",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "5.5.60 and prior"
- },
- {
- "version_affected" : "=",
- "version_value" : "5.6.40 and prior"
- },
- {
- "version_affected" : "=",
- "version_value" : "5.7.22 and prior"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2018-3070",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MySQL Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.5.60 and prior"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.6.40 and prior"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.7.22 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20180726-0002/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20180726-0002/"
- },
- {
- "name" : "RHSA-2018:3655",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3655"
- },
- {
- "name" : "USN-3725-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3725-1/"
- },
- {
- "name" : "USN-3725-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3725-2/"
- },
- {
- "name" : "104766",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104766"
- },
- {
- "name" : "1041294",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041294"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the MySQL Server component of Oracle MySQL 
(subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
+ },
+ {
+ "name": "USN-3725-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3725-1/"
+ },
+ {
+ "name": "1041294",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041294"
+ },
+ {
+ "name": "RHSA-2018:3655",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3655"
+ },
+ {
+ "name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"
+ },
+ {
+ "name": "USN-3725-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3725-2/"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
+ "refsource": "CONFIRM",
+ "url": 
"https://security.netapp.com/advisory/ntap-20180726-0002/"
+ },
+ {
+ "name": "104766",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104766"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3929.json b/2018/3xxx/CVE-2018-3929.json
index 636a666ba0e..4b69e3234be 100644
--- a/2018/3xxx/CVE-2018-3929.json
+++ b/2018/3xxx/CVE-2018-3929.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "talos-cna@cisco.com",
- "DATE_PUBLIC" : "2018-07-10T00:00:00",
- "ID" : "CVE-2018-3929",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Antenna House",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Antenna House"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "out of bounds write"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "talos-cna@cisco.com",
+ "DATE_PUBLIC": "2018-07-10T00:00:00",
+ "ID": "CVE-2018-3929",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Antenna House",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Antenna House"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0596",
- "refsource" : "MISC",
- "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0596"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ 
"lang": "eng",
+ "value": "An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "out of bounds write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0596",
+ "refsource": "MISC",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0596"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3954.json b/2018/3xxx/CVE-2018-3954.json
index 1b59f05c2bd..ef19098392b 100644
--- a/2018/3xxx/CVE-2018-3954.json
+++ b/2018/3xxx/CVE-2018-3954.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-16T00:00:00", - "ID" : "CVE-2018-3954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ESeries E1200", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware Version 2.0.09" - } - ] - } - }, - { - "product_name" : "ESeries E2500", - "version" : { - "version_data" : [ - { - "version_value" : "Firmware Version 3.0.04" - } - ] - } - } - ] - }, - "vendor_name" : "Linksys" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-16T00:00:00", + "ID": "CVE-2018-3954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ESeries E1200", + "version": { + "version_data": [ + { + "version_value": "Firmware Version 2.0.09" + } + ] + } + }, + { + "product_name": "ESeries E2500", + "version": { + "version_data": [ + { + "version_value": "Firmware Version 3.0.04" + } + ] + } + } + ] + }, + "vendor_name": "Linksys" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8203.json b/2018/8xxx/CVE-2018-8203.json index cbaba4b80ac..0a8e4f2b22e 100644 --- a/2018/8xxx/CVE-2018-8203.json +++ b/2018/8xxx/CVE-2018-8203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8203", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8216.json b/2018/8xxx/CVE-2018-8216.json index f1022cf7119..49d7e0a0e12 100644 --- a/2018/8xxx/CVE-2018-8216.json +++ b/2018/8xxx/CVE-2018-8216.json 
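Review bot: In CVE-2018-3954.json the reformatted description still reads `retrieved from NVRAMData entered into the 'Router Name' input field`, where the sentence boundary between `NVRAM` and `Data` has been lost. It presumably should read `retrieved from NVRAM. Data entered into the 'Router Name' input field ...`. The text also stops at the call to `set_host_domain_name` without stating the outcome, so someone triaging from this record alone cannot tell what an attacker gains or what access is needed. A closing sentence taken from the referenced TALOS-2018-0625 report would fix that.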
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8216", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8216" - }, - { - "name" : "104334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104334" - }, - { - "name" : "1041098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10. 
This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041098" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8216", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8216" + }, + { + "name": "104334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104334" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8267.json b/2018/8xxx/CVE-2018-8267.json index 1dc2e5a6b4e..6d0be927b77 100644 --- a/2018/8xxx/CVE-2018-8267.json +++ b/2018/8xxx/CVE-2018-8267.json 
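Review bot: In CVE-2018-8216.json entries such as `"version_value": "32-bit Systems"` and `"version_value": "(Server Core installation)"` hold a platform or installation type, not a version, so no consumer can do a version comparison on them. The same pattern appears in the CVE-2018-8267, CVE-2018-8339 and CVE-2018-8510 hunks, where for example `"product_name": "Internet Explorer 11"` is paired with `"version_value": "Windows 10 for 32-bit Systems"`. If the schema in use offers a separate platform field, the host OS and architecture belong there, with `version_value` left for the product's own version. Until then, matching tools have to treat these records as "all versions of the product".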
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 9", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - 
"vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + 
"version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8267", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8267" - }, - { - "name" : "104404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104404" - }, - { - "name" : "1041099", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041099", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041099" + }, + { + "name": "104404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104404" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8267", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8267" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8339.json b/2018/8xxx/CVE-2018-8339.json index cb4fd99a7cb..faa8c842398 100644 --- a/2018/8xxx/CVE-2018-8339.json +++ b/2018/8xxx/CVE-2018-8339.json 
@@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka \"Windows Installer Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8339", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8339" - }, - { - "name" : "105030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105030" - }, - { - "name" : "1041466", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka \"Windows Installer Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, 
Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105030" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8339", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8339" + }, + { + "name": "1041466", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041466" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8510.json b/2018/8xxx/CVE-2018-8510.json index 6a353f0c615..5755a103ac5 100644 --- a/2018/8xxx/CVE-2018-8510.json +++ b/2018/8xxx/CVE-2018-8510.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8510", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8510" - }, - { - "name" : "105470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105470" - }, - { - "name" : "1041825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105470" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8510", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8510" + }, + { + "name": "1041825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041825" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8865.json b/2018/8xxx/CVE-2018-8865.json index 5686631fe2b..a9ac5c02ca3 100644 --- a/2018/8xxx/CVE-2018-8865.json +++ b/2018/8xxx/CVE-2018-8865.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-03T00:00:00", - "ID" : "CVE-2018-8865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IDS 2102", - "version" : { - "version_data" : [ - { - "version_value" : "2.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Lantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-03T00:00:00", + "ID": "CVE-2018-8865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IDS 2102", + "version": { + "version_data": [ + { + "version_value": "2.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Lantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01" - }, - { - "name" : "104098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been 
identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01" + }, + { + "name": "104098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104098" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8946.json b/2018/8xxx/CVE-2018-8946.json index fae96e6483d..e9172a4cbcc 100644 --- a/2018/8xxx/CVE-2018-8946.json +++ b/2018/8xxx/CVE-2018-8946.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
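Review bot: In CVE-2018-8865.json `"version_value": "2.0 and prior"` encodes a version range as free text, which a scanner cannot compare against an installed version. The 4.0 format has a `version_affected` field for this, so the entry could be `"version_affected": "<="` with `"version_value": "2.0"`. The description can keep the human-readable wording "2.0 and prior".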