diff --git a/2002/0xxx/CVE-2002-0078.json b/2002/0xxx/CVE-2002-0078.json index c793c253510..7e25773cf5c 100644 --- a/2002/0xxx/CVE-2002-0078.json +++ b/2002/0xxx/CVE-2002-0078.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the \"Cookie-based Script Execution\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020330 IE: Remote webpage can script in local zone", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101781180528301&w=2" - }, - { - "name" : "MS02-015", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015" - }, - { - "name" : "4392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4392" - }, - { - "name" : "ie-cookie-local-zone(8701)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8701.php" - }, - { - "name" : "3029", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3029" - }, - { - "name" : "oval:org.mitre.oval:def:96", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A96" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the \"Cookie-based Script Execution\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015" + }, + { + "name": "ie-cookie-local-zone(8701)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8701.php" + }, + { + "name": "3029", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3029" + }, + { + "name": "oval:org.mitre.oval:def:96", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A96" + }, + { + "name": "4392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4392" + }, + { + "name": "20020330 IE: Remote webpage can script in local zone", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101781180528301&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0724.json b/2002/0xxx/CVE-2002-0724.json index c80ceaac8e1..a627f60fd04 100644 --- a/2002/0xxx/CVE-2002-0724.json +++ b/2002/0xxx/CVE-2002-0724.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka \"Unchecked Buffer in Network Share Provider Can Lead to Denial of Service\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020822 CORE-20020618: Vulnerabilities in Windows SMB (DoS)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103011556323184&w=2" - }, - { - "name" : "MS02-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-045" - }, - { - "name" : "VU#311619", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/311619" - }, - { - "name" : "VU#342243", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/342243" - }, - { - "name" : "VU#250635", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/250635" - }, - { - "name" : "oval:org.mitre.oval:def:189", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka \"Unchecked Buffer in Network Share Provider Can Lead to Denial of Service\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020822 CORE-20020618: Vulnerabilities in Windows SMB (DoS)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103011556323184&w=2" + }, + { + "name": "VU#342243", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/342243" + }, + { + "name": "oval:org.mitre.oval:def:189", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A189" + }, + { + "name": "VU#250635", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/250635" + }, + { + "name": "MS02-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-045" + }, + { + "name": "VU#311619", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/311619" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0758.json b/2002/0xxx/CVE-2002-0758.json index ffa371e67eb..60980ad876a 100644 --- a/2002/0xxx/CVE-2002-0758.json +++ b/2002/0xxx/CVE-2002-0758.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SuSE-SA:2002:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_016_sysconfig_txt.html" - }, - { - "name" : "4695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4695" - }, - { - "name" : "suse-sysconfig-command-execution(9040)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9040.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4695" + }, + { + "name": "suse-sysconfig-command-execution(9040)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9040.php" + }, + { + "name": "SuSE-SA:2002:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_016_sysconfig_txt.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2331.json b/2002/2xxx/CVE-2002-2331.json index 13bf6025f18..34b1b8b512a 100644 --- a/2002/2xxx/CVE-2002-2331.json +++ b/2002/2xxx/CVE-2002-2331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020725 Medium security hole affecting W3Mail", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284232" - }, - { - "name" : "5314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5314" - }, - { - "name" : "w3mail-mime-attachment-execution(9680)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9680.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020725 Medium security hole affecting W3Mail", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284232" + }, + { + "name": "5314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5314" + }, + { + "name": "w3mail-mime-attachment-execution(9680)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9680.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2423.json b/2002/2xxx/CVE-2002-2423.json index 63021a809dc..dd424cabbd5 100644 --- a/2002/2xxx/CVE-2002-2423.json +++ b/2002/2xxx/CVE-2002-2423.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020921 Sendmail logging and short string precision allows anonymous commands/relay", - "refsource" : "BUGTRAQ", - "url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2002/09/msg00267.html" - }, - { - "name" : "5770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5770" - }, - { - "name" : "sendmail-ident-logging-bypass(10153)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10153.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5770" + }, + { + "name": "20020921 Sendmail logging and short string precision allows anonymous commands/relay", + "refsource": "BUGTRAQ", + "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2002/09/msg00267.html" + }, + { + "name": "sendmail-ident-logging-bypass(10153)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10153.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0032.json b/2005/0xxx/CVE-2005-0032.json index 6c1ca5c4c54..931d3f8df36 100644 --- a/2005/0xxx/CVE-2005-0032.json +++ b/2005/0xxx/CVE-2005-0032.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0032", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0032", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0480.json b/2005/0xxx/CVE-2005-0480.json index 55dbe67dfd2..84737a56f92 100644 --- a/2005/0xxx/CVE-2005-0480.json +++ b/2005/0xxx/CVE-2005-0480.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050218 Multiple vulnerabilities in TrackerCam 5.12", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390918" - }, - { - "name" : "12592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12592" - }, - { - "name" : "trackercam-xss(19416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050218 Multiple vulnerabilities in TrackerCam 5.12", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390918" + }, + { + "name": "12592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12592" + }, + { + "name": "trackercam-xss(19416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19416" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0536.json b/2005/0xxx/CVE-2005-0536.json index 896fbdd6cf6..10713671d5f 100644 --- a/2005/0xxx/CVE-2005-0536.json +++ b/2005/0xxx/CVE-2005-0536.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=307067", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=307067" - }, - { - "name" : "GLSA-200502-33", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml" - }, - { - "name" : "1013260", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013260" - }, - { - "name" : "14360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013260", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013260" + }, + { + "name": "GLSA-200502-33", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=307067", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=307067" + }, + { + "name": "14360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14360" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0590.json b/2005/0xxx/CVE-2005-0590.json index fa1d34b7f29..9908483323f 100644 --- a/2005/0xxx/CVE-2005-0590.json +++ b/2005/0xxx/CVE-2005-0590.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long \"user:pass\" sequence in the URL, which appears before the real hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-17.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=268059", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=268059" - }, - { - "name" : "GLSA-200503-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" - }, - { - "name" : "GLSA-200503-30", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" - }, - { - "name" : "RHSA-2005:176", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "12659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12659" - }, - { - "name" : "oval:org.mitre.oval:def:100041", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041" - }, - { - "name" : "oval:org.mitre.oval:def:10010", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long \"user:pass\" sequence in the URL, which appears before the real hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12659" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-17.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-17.html" + }, + { + "name": "oval:org.mitre.oval:def:100041", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100041" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=268059", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=268059" + }, + { + "name": "oval:org.mitre.oval:def:10010", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10010" + }, + { + "name": "RHSA-2005:176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "GLSA-200503-30", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" + }, + { + "name": "GLSA-200503-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1032.json b/2005/1xxx/CVE-2005-1032.json index 00bad8d1b9b..ff143c5700f 100644 --- a/2005/1xxx/CVE-2005-1032.json +++ b/2005/1xxx/CVE-2005-1032.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1032", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying \"These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilites reported can not be reproduced, hence information you provide is contrary to fact.\" Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-1032", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying \"These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilites reported can not be reproduced, hence information you provide is contrary to fact.\" Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1181.json b/2005/1xxx/CVE-2005-1181.json index 46c73374baf..30a827de876 100644 --- a/2005/1xxx/CVE-2005-1181.json +++ b/2005/1xxx/CVE-2005-1181.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the \"ariadne.inc\" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15549", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15549" - }, - { - "name" : "1013721", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013721" - }, - { - "name" : "ariadne-loaderphp-file-include(20611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the \"ariadne.inc\" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15549", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15549" + }, + { + "name": "1013721", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013721" + }, + { + "name": "ariadne-loaderphp-file-include(20611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20611" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1625.json b/2005/1xxx/CVE-2005-1625.json index c4623150eeb..21c0eb05c4b 100644 --- a/2005/1xxx/CVE-2005-1625.json +++ b/2005/1xxx/CVE-2005-1625.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050705 iDEFENSE Security Advisory 07.05.05: Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=279&type=vulnerabilities" - }, - { - "name" : "http://www.adobe.com/support/techdocs/329083.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/329083.html" - }, - { - "name" : "RHSA-2005:575", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-575.html" - }, - { - "name" : "SUSE-SA:2005:042", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_42_acroread.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050705 iDEFENSE Security Advisory 07.05.05: Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=279&type=vulnerabilities" + }, + { + "name": "http://www.adobe.com/support/techdocs/329083.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/329083.html" + }, + { + "name": "RHSA-2005:575", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-575.html" + }, + { + "name": "SUSE-SA:2005:042", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_42_acroread.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1917.json b/2005/1xxx/CVE-2005-1917.json index 096345bbd70..db8e54927ad 100644 --- a/2005/1xxx/CVE-2005-1917.json +++ b/2005/1xxx/CVE-2005-1917.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zataz.net/adviso/kpopper-06152005.txt", - "refsource" : "MISC", - "url" : "http://www.zataz.net/adviso/kpopper-06152005.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zataz.net/adviso/kpopper-06152005.txt", + "refsource": "MISC", + "url": "http://www.zataz.net/adviso/kpopper-06152005.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4427.json b/2005/4xxx/CVE-2005-4427.json index bfeefa1dded..beee0c95f4e 100644 --- a/2005/4xxx/CVE-2005-4427.json +++ b/2005/4xxx/CVE-2005-4427.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051225 Cerberus Helpdesk multiple vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420271/100/0/threaded" - }, - { - "name" : "20051219 Cerberus Helpdesk vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113500878630130&w=2" - }, - { - "name" : "http://forum.cerberusweb.com/showthread.php?s=&postid=30315", - "refsource" : "CONFIRM", - "url" : "http://forum.cerberusweb.com/showthread.php?s=&postid=30315" - }, - { - "name" : "16062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16062" - }, - { - "name" : "21990", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21990" - }, - { - "name" : "21991", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21991" - }, - { - "name" : "21992", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21992" - }, - { - "name" : "21993", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21993" - }, - { - "name" : "21994", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21994" - }, - { - "name" : "21995", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21995" - }, - { - "name" : "21988", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21988" - }, - { - "name" : "18112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18112" - }, - { - "name" : "cerberus-multiple-sql-injection(23836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21991", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21991" + }, + { + "name": "21993", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21993" + }, + { + "name": "20051219 Cerberus Helpdesk vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113500878630130&w=2" + }, + { + "name": "21992", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21992" + }, + { + "name": "16062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16062" + }, + { + "name": "21995", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21995" + }, + { + "name": "21990", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21990" + }, + { + "name": "18112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18112" + }, + { + "name": "21988", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21988" + }, + { + "name": "21994", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21994" + }, + { + "name": "cerberus-multiple-sql-injection(23836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23836" + }, + { + "name": "20051225 Cerberus Helpdesk multiple vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420271/100/0/threaded" + }, + { + "name": "http://forum.cerberusweb.com/showthread.php?s=&postid=30315", + "refsource": "CONFIRM", + "url": "http://forum.cerberusweb.com/showthread.php?s=&postid=30315" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0088.json b/2009/0xxx/CVE-2009-0088.json index ec674eecf67..60863b2a653 100644 --- a/2009/0xxx/CVE-2009-0088.json +++ b/2009/0xxx/CVE-2009-0088.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka \"Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782" - }, - { - "name" : "MS09-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010" - }, - { - "name" : "TA09-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" - }, - { - "name" : "53663", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53663" - }, - { - "name" : "oval:org.mitre.oval:def:5736", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736" - }, - { - "name" : "1022043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022043" - }, - { - "name" : "ADV-2009-1024", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka \"Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022043" + }, + { + "name": "20090414 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=782" + }, + { + "name": "oval:org.mitre.oval:def:5736", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5736" + }, + { + "name": "TA09-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" + }, + { + "name": "53663", + "refsource": "OSVDB", + "url": "http://osvdb.org/53663" + }, + { + "name": "MS09-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-010" + }, + { + "name": "ADV-2009-1024", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1024" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0919.json b/2009/0xxx/CVE-2009-0919.json index 338da5c2592..5f9570c128e 100644 --- a/2009/0xxx/CVE-2009-0919.json +++ b/2009/0xxx/CVE-2009-0919.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the \"lampp\" default password for the \"nobody\" account within the included ProFTPD installation, (2) a blank default password for the \"root\" account within the included MySQL installation, (3) a blank default password for the \"pma\" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with \"no contact from / to internet.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ptk.dflabs.com/security.html", - "refsource" : "MISC", - "url" : "http://ptk.dflabs.com/security.html" - }, - { - "name" : "http://www.debianhelp.co.uk/xampp.htm", - "refsource" : "MISC", - "url" : "http://www.debianhelp.co.uk/xampp.htm" - }, - { - "name" : "http://www.ibm.com/developerworks/linux/library/l-xampp/", - "refsource" : "MISC", - "url" : "http://www.ibm.com/developerworks/linux/library/l-xampp/" - }, - { - "name" : "http://www.apachefriends.org/en/faq-xampp-linux.html", - "refsource" : "CONFIRM", - "url" : "http://www.apachefriends.org/en/faq-xampp-linux.html" - }, - { - "name" : "ptk-default-password(49306)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the \"lampp\" default password for the \"nobody\" account within the included ProFTPD installation, (2) a blank default password for the \"root\" account within the included MySQL installation, (3) a blank default password for the \"pma\" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with \"no contact from / to internet.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ptk.dflabs.com/security.html", + "refsource": "MISC", + "url": "http://ptk.dflabs.com/security.html" + }, + { + "name": "ptk-default-password(49306)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49306" + }, + { + "name": "http://www.apachefriends.org/en/faq-xampp-linux.html", + "refsource": "CONFIRM", + "url": "http://www.apachefriends.org/en/faq-xampp-linux.html" + }, + { + "name": "http://www.ibm.com/developerworks/linux/library/l-xampp/", + "refsource": "MISC", + "url": "http://www.ibm.com/developerworks/linux/library/l-xampp/" + }, + { + "name": "http://www.debianhelp.co.uk/xampp.htm", + "refsource": "MISC", + "url": "http://www.debianhelp.co.uk/xampp.htm" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1082.json b/2009/1xxx/CVE-2009-1082.json index ad28b3d7cf8..6d11ee8d851 100644 --- a/2009/1xxx/CVE-2009-1082.json +++ b/2009/1xxx/CVE-2009-1082.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1" - }, - { - "name" : "253267", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1" - }, - { - "name" : "34191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34191" - }, - { - "name" : "1021881", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021881" - }, - { - "name" : "34380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34380" - }, - { - "name" : "ADV-2009-0797", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1" + }, + { + "name": "253267", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1" + }, + { + "name": "1021881", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021881" + }, + { + "name": "34191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34191" + }, + { + "name": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java" + }, + { + "name": "ADV-2009-0797", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0797" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1" + }, + { + "name": "34380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34380" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1258.json b/2009/1xxx/CVE-2009-1258.json index e418ab7e307..237c7aea359 100644 --- a/2009/1xxx/CVE-2009-1258.json +++ b/2009/1xxx/CVE-2009-1258.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34364" - }, - { - "name" : "53138", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53138" - }, - { - "name" : "34578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34578" - }, - { - "name" : "rdautos-makeid-sql-injection(49671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34578" + }, + { + "name": "34364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34364" + }, + { + "name": "rdautos-makeid-sql-injection(49671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49671" + }, + { + "name": "53138", + "refsource": "OSVDB", + "url": "http://osvdb.org/53138" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1296.json b/2009/1xxx/CVE-2009-1296.json index 5c957f66bbf..70e31580cb3 100644 --- a/2009/1xxx/CVE-2009-1296.json +++ b/2009/1xxx/CVE-2009-1296.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2009-1296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-783-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-783-1" - }, - { - "name" : "1022347", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022347" - }, - { - "name" : "35383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35383" - }, - { - "name" : "ecryptfs-passphrase-info-disclosure(51191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35383" + }, + { + "name": "USN-783-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-783-1" + }, + { + "name": "1022347", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022347" + }, + { + "name": "ecryptfs-passphrase-info-disclosure(51191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1674.json b/2009/1xxx/CVE-2009-1674.json index a4cfc7a3f5d..28dd0b1daed 100644 --- a/2009/1xxx/CVE-2009-1674.json +++ b/2009/1xxx/CVE-2009-1674.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8656", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8656" - }, - { - "name" : "35054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8656", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8656" + }, + { + "name": "35054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35054" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1881.json b/2009/1xxx/CVE-2009-1881.json index cfb6cde72d9..2787de9b890 100644 --- a/2009/1xxx/CVE-2009-1881.json +++ b/2009/1xxx/CVE-2009-1881.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#70836284", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN70836284/index.html" - }, - { - "name" : "JVNDB-2009-000034", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000034.html" - }, - { - "name" : "54782", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54782" - }, - { - "name" : "35275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2009-000034", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000034.html" + }, + { + "name": "35275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35275" + }, + { + "name": "54782", + "refsource": "OSVDB", + "url": "http://osvdb.org/54782" + }, + { + "name": "JVN#70836284", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN70836284/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1964.json b/2009/1xxx/CVE-2009-1964.json index 4b0eb591f16..7ee289df0fa 100644 --- a/2009/1xxx/CVE-2009-1964.json +++ b/2009/1xxx/CVE-2009-1964.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36755" - }, - { - "name" : "59115", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59115" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36755" + }, + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "59115", + "refsource": "OSVDB", + "url": "http://osvdb.org/59115" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4093.json b/2009/4xxx/CVE-2009-4093.json index 9cb9091611b..3ab9bed24f7 100644 --- a/2009/4xxx/CVE-2009-4093.json +++ b/2009/4xxx/CVE-2009-4093.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10180", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10180" - }, - { - "name" : "37063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37063" - }, - { - "name" : "21390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21390" - }, - { - "name" : "simplog-comment-xss(54353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21390" + }, + { + "name": "10180", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10180" + }, + { + "name": "simplog-comment-xss(54353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54353" + }, + { + "name": "37063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37063" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4125.json b/2009/4xxx/CVE-2009-4125.json index 6280b7c2b36..e278782cb28 100644 --- a/2009/4xxx/CVE-2009-4125.json +++ b/2009/4xxx/CVE-2009-4125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4125", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4125", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5129.json b/2009/5xxx/CVE-2009-5129.json index 295b65f8eb5..e558670e744 100644 --- a/2009/5xxx/CVE-2009-5129.json +++ b/2009/5xxx/CVE-2009-5129.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf", - "refsource" : "CONFIRM", - "url" : "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Websense V10000 appliance before 1.0.1 allows remote attackers to cause a denial of service (intermittent LDAP authentication outage) via a login attempt with an incorrect password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf", + "refsource": "CONFIRM", + "url": "http://kb.websense.com/pf/12/webfiles/V10000%20Documentation/V10000%20Patches/v1.0.1/V10000_v1.0.1_ReleaseNotes.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2016.json b/2012/2xxx/CVE-2012-2016.json index 9169648e5d6..e9b0dce8313 100644 --- a/2012/2xxx/CVE-2012-2016.json +++ b/2012/2xxx/CVE-2012-2016.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-2016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02786", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "SSRT100877", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02786", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "SSRT100877", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2844.json b/2012/2xxx/CVE-2012-2844.json index 509ddb78b28..37892ecf5c9 100644 --- a/2012/2xxx/CVE-2012-2844.json +++ b/2012/2xxx/CVE-2012-2844.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=133450", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=133450" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:15039", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15039", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15039" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=133450", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=133450" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3174.json b/2012/3xxx/CVE-2012-3174.json index 8b9f4c98e00..88335f4bf87 100644 --- a/2012/3xxx/CVE-2012-3174.json +++ b/2012/3xxx/CVE-2012-3174.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/", - "refsource" : "MISC", - "url" : "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0156", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0156.html" - }, - { - "name" : "RHSA-2013:0165", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0165.html" - }, - { - "name" : "openSUSE-SU-2013:0199", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html" - }, - { - "name" : "USN-1693-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1693-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0156", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/", + "refsource": "MISC", + "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/" + }, + { + "name": "openSUSE-SU-2013:0199", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html" + }, + { + "name": "RHSA-2013:0165", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html" + }, + { + "name": "USN-1693-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1693-1" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3203.json b/2012/3xxx/CVE-2012-3203.json index 72501307107..734e283786c 100644 --- a/2012/3xxx/CVE-2012-3203.json +++ b/2012/3xxx/CVE-2012-3203.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "56053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56053" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3204.json b/2012/3xxx/CVE-2012-3204.json index 66aa689dd1d..c17c0706821 100644 --- a/2012/3xxx/CVE-2012-3204.json +++ b/2012/3xxx/CVE-2012-3204.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "56048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "56048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56048" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3244.json b/2012/3xxx/CVE-2012-3244.json index 1b212d16edb..95559462d63 100644 --- a/2012/3xxx/CVE-2012-3244.json +++ b/2012/3xxx/CVE-2012-3244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4484.json b/2012/4xxx/CVE-2012-4484.json index 95ad5f41951..ae082112593 100644 --- a/2012/4xxx/CVE-2012-4484.json +++ b/2012/4xxx/CVE-2012-4484.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" - }, - { - "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" - }, - { - "name" : "http://drupal.org/node/1691446", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1691446" - }, - { - "name" : "http://drupal.org/node/1689790", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1689790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6" + }, + { + "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1" + }, + { + "name": "http://drupal.org/node/1689790", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1689790" + }, + { + "name": "http://drupal.org/node/1691446", + "refsource": "MISC", + "url": "http://drupal.org/node/1691446" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6203.json b/2012/6xxx/CVE-2012-6203.json index 191d7e3ac9d..2ca0c786191 100644 --- a/2012/6xxx/CVE-2012-6203.json +++ b/2012/6xxx/CVE-2012-6203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6203", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6203", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6208.json b/2012/6xxx/CVE-2012-6208.json index 189f73ed4df..c0a017268c8 100644 --- a/2012/6xxx/CVE-2012-6208.json +++ b/2012/6xxx/CVE-2012-6208.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6208", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6208", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6476.json b/2012/6xxx/CVE-2012-6476.json index a610b092bac..70ee36f4df0 100644 --- a/2012/6xxx/CVE-2012-6476.json +++ b/2012/6xxx/CVE-2012-6476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6476", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6476", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5204.json b/2015/5xxx/CVE-2015-5204.json index 1de0fdc8ece..68cee5011eb 100644 --- a/2015/5xxx/CVE-2015-5204.json +++ b/2015/5xxx/CVE-2015-5204.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cordova.apache.org/news/2015/09/21/file-transfer-release.html", - "refsource" : "CONFIRM", - "url" : "https://cordova.apache.org/news/2015/09/21/file-transfer-release.html" - }, - { - "name" : "76832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cordova.apache.org/news/2015/09/21/file-transfer-release.html", + "refsource": "CONFIRM", + "url": "https://cordova.apache.org/news/2015/09/21/file-transfer-release.html" + }, + { + "name": "76832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76832" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5957.json b/2015/5xxx/CVE-2015-5957.json index 57f7eff9dd4..6f9e17b0d19 100644 --- a/2015/5xxx/CVE-2015-5957.json +++ b/2015/5xxx/CVE-2015-5957.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Remind-Fans] 20150727 Remind 3.1.15 is released", - "refsource" : "MLIST", - "url" : "http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html" - }, - { - "name" : "[oss-security] 20150728 CVE request - remind 3.1.14 and earlier - buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/29/2" - }, - { - "name" : "[oss-security] 20150806 Re: CVE request - remind 3.1.14 and earlier - buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/07/1" - }, - { - "name" : "openSUSE-SU-2015:1579", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00025.html" - }, - { - "name" : "76099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150806 Re: CVE request - remind 3.1.14 and earlier - buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/07/1" + }, + { + "name": "76099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76099" + }, + { + "name": "[Remind-Fans] 20150727 Remind 3.1.15 is released", + "refsource": "MLIST", + "url": "http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html" + }, + { + "name": "[oss-security] 20150728 CVE request - remind 3.1.14 and earlier - buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/29/2" + }, + { + "name": "openSUSE-SU-2015:1579", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2861.json b/2017/2xxx/CVE-2017-2861.json index 9044f15067d..48042bedc9d 100644 --- a/2017/2xxx/CVE-2017-2861.json +++ b/2017/2xxx/CVE-2017-2861.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-04T00:00:00", - "ID" : "CVE-2017-2861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Natus", - "version" : { - "version_data" : [ - { - "version_value" : "Natus Xltek NeuroWorks 8" - } - ] - } - } - ] - }, - "vendor_name" : "Natus Medical Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-04T00:00:00", + "ID": "CVE-2017-2861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Natus", + "version": { + "version_data": [ + { + "version_value": "Natus Xltek NeuroWorks 8" + } + ] + } + } + ] + }, + "vendor_name": "Natus Medical Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365" - }, - { - "name" : "104490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365" + }, + { + "name": "104490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104490" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11372.json b/2018/11xxx/CVE-2018-11372.json index ae619e8ffaa..3f4e3a5481b 100644 --- a/2018/11xxx/CVE-2018-11372.json +++ b/2018/11xxx/CVE-2018-11372.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md", - "refsource" : "MISC", - "url" : "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md", + "refsource": "MISC", + "url": "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11533.json b/2018/11xxx/CVE-2018-11533.json index c7cbcdd0f63..43454ade751 100644 --- a/2018/11xxx/CVE-2018-11533.json +++ b/2018/11xxx/CVE-2018-11533.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11533", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11533", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11986.json b/2018/11xxx/CVE-2018-11986.json index 7474c8a73ca..93c549422e0 100644 --- a/2018/11xxx/CVE-2018-11986.json +++ b/2018/11xxx/CVE-2018-11986.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14847.json b/2018/14xxx/CVE-2018-14847.json index 0402b121151..35b427d2f5f 100644 --- a/2018/14xxx/CVE-2018-14847.json +++ b/2018/14xxx/CVE-2018-14847.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45578", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45578/" - }, - { - "name" : "https://github.com/BasuCert/WinboxPoC", - "refsource" : "MISC", - "url" : "https://github.com/BasuCert/WinboxPoC" - }, - { - "name" : "https://github.com/BigNerd95/WinboxExploit", - "refsource" : "MISC", - "url" : "https://github.com/BigNerd95/WinboxExploit" - }, - { - "name" : "https://n0p.me/winbox-bug-dissection/", - "refsource" : "MISC", - "url" : "https://n0p.me/winbox-bug-dissection/" - }, - { - "name" : "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf", - "refsource" : "MISC", - "url" : "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf" - }, - { - "name" : "https://github.com/tenable/routeros/tree/master/poc/bytheway", - "refsource" : "MISC", - "url" : "https://github.com/tenable/routeros/tree/master/poc/bytheway" - }, - { - "name" : "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847", - "refsource" : "MISC", - "url" : "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45578", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45578/" + }, + { + "name": "https://github.com/BigNerd95/WinboxExploit", + "refsource": "MISC", + "url": "https://github.com/BigNerd95/WinboxExploit" + }, + { + "name": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf", + "refsource": "MISC", + "url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf" + }, + { + "name": "https://github.com/BasuCert/WinboxPoC", + "refsource": "MISC", + "url": "https://github.com/BasuCert/WinboxPoC" + }, + { + "name": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847", + "refsource": "MISC", + "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847" + }, + { + "name": "https://n0p.me/winbox-bug-dissection/", + "refsource": "MISC", + "url": "https://n0p.me/winbox-bug-dissection/" + }, + { + "name": "https://github.com/tenable/routeros/tree/master/poc/bytheway", + "refsource": "MISC", + "url": "https://github.com/tenable/routeros/tree/master/poc/bytheway" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14913.json b/2018/14xxx/CVE-2018-14913.json index 1f0b1c14d8e..e3e788384e0 100644 --- a/2018/14xxx/CVE-2018-14913.json +++ b/2018/14xxx/CVE-2018-14913.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14913", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14913", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14970.json b/2018/14xxx/CVE-2018-14970.json index 56555285460..44721c682dd 100644 --- a/2018/14xxx/CVE-2018-14970.json +++ b/2018/14xxx/CVE-2018-14970.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/QCMS/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/QCMS/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15299.json b/2018/15xxx/CVE-2018-15299.json index 51f3a9668c2..12c542ed437 100644 --- a/2018/15xxx/CVE-2018-15299.json +++ b/2018/15xxx/CVE-2018-15299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15369.json b/2018/15xxx/CVE-2018-15369.json index 34a8057e98e..a5ca147c7a4 100644 --- a/2018/15xxx/CVE-2018-15369.json +++ b/2018/15xxx/CVE-2018-15369.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-26T16:00:00-0500", - "ID" : "CVE-2018-15369", - "STATE" : "PUBLIC", - "TITLE" : "Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS Software", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-26T16:00:00-0500", + "ID": "CVE-2018-15369", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS Software", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180926 Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-tacplus" - }, - { - "name" : "105426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105426" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180926-tacplus", - "defect" : [ - [ - "CSCux66796" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180926 Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-tacplus" + }, + { + "name": "105426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105426" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180926-tacplus", + "defect": [ + [ + "CSCux66796" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15395.json b/2018/15xxx/CVE-2018-15395.json index 40c6369848a..554a91748da 100644 --- a/2018/15xxx/CVE-2018-15395.json +++ b/2018/15xxx/CVE-2018-15395.json @@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-17T16:00:00-0500", - "ID" : "CVE-2018-15395", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wireless LAN Controller (WLC) ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "5.4", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-17T16:00:00-0500", + "ID": "CVE-2018-15395", + "STATE": "PUBLIC", + "TITLE": "Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wireless LAN Controller (WLC) ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181017 Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlan-escalation" - }, - { - "name" : "105676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105676" - }, - { - "name" : "1041925", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041925" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181017-wlan-escalation", - "defect" : [ - [ - "CSCvi49059" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181017 Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlan-escalation" + }, + { + "name": "1041925", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041925" + }, + { + "name": "105676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105676" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181017-wlan-escalation", + "defect": [ + [ + "CSCvi49059" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15468.json b/2018/15xxx/CVE-2018-15468.json index 1c63f70c9bf..170cb4ea1ff 100644 --- a/2018/15xxx/CVE-2018-15468.json +++ b/2018/15xxx/CVE-2018-15468.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-269.html", - "refsource" : "MISC", - "url" : "http://xenbits.xen.org/xsa/advisory-269.html" - }, - { - "name" : "GLSA-201810-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/advisory-269.html", + "refsource": "MISC", + "url": "http://xenbits.xen.org/xsa/advisory-269.html" + }, + { + "name": "GLSA-201810-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-06" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15816.json b/2018/15xxx/CVE-2018-15816.json index 40739312473..019b986ce04 100644 --- a/2018/15xxx/CVE-2018-15816.json +++ b/2018/15xxx/CVE-2018-15816.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15816", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15816", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8161.json b/2018/8xxx/CVE-2018-8161.json index 259a3cdfacf..52760377dba 100644 --- a/2018/8xxx/CVE-2018-8161.json +++ b/2018/8xxx/CVE-2018-8161.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Word", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - }, - { - "product_name" : "Word", - "version" : { - "version_data" : [ - { - "version_value" : "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2" - }, - { - "version_value" : "Automation Services on Microsoft SharePoint Server 2013 Service Pack 1" - } - ] - } - }, - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "Web Apps 2010 Service Pack 2" - }, - { - "version_value" : "Web Apps Server 2013 Service Pack 1" - } - ] - } - }, - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Word", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + }, + { + "product_name": "Word", + "version": { + "version_data": [ + { + "version_value": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2" + }, + { + "version_value": "Automation Services on Microsoft SharePoint Server 2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "Web Apps 2010 Service Pack 2" + }, + { + "version_value": "Web Apps Server 2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161" - }, - { - "name" : "104052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104052" - }, - { - "name" : "1040853", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161" + }, + { + "name": "104052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104052" + }, + { + "name": "1040853", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040853" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8795.json b/2018/8xxx/CVE-2018-8795.json index 1328db61e1a..a24e452ed03 100644 --- a/2018/8xxx/CVE-2018-8795.json +++ b/2018/8xxx/CVE-2018-8795.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2019-02-05T00:00:00", - "ID" : "CVE-2018-8795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rdesktop", - "version" : { - "version_data" : [ - { - "version_value" : "All versions up to and including v1.8.3" - } - ] - } - } - ] - }, - "vendor_name" : "Check Point Software Technologies Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-680: Integer Overflow to Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2019-02-05T00:00:00", + "ID": "CVE-2018-8795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rdesktop", + "version": { + "version_data": [ + { + "version_value": "All versions up to and including v1.8.3" + } + ] + } + } + ] + }, + "vendor_name": "Check Point Software Technologies Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" - }, - { - "name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", - "refsource" : "CONFIRM", - "url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" - }, - { - "name" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", - "refsource" : "MISC", - "url" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" - }, - { - "name" : "DSA-4394", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4394" - }, - { - "name" : "GLSA-201903-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-06" - }, - { - "name" : "106938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-680: Integer Overflow to Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106938" + }, + { + "name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", + "refsource": "MISC", + "url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" + }, + { + "name": "GLSA-201903-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-06" + }, + { + "name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", + "refsource": "CONFIRM", + "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" + }, + { + "name": "DSA-4394", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4394" + }, + { + "name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" + } + ] + } +} \ No newline at end of file