diff --git a/2005/0xxx/CVE-2005-0072.json b/2005/0xxx/CVE-2005-0072.json index 1d25804e665..943b62ab09e 100644 --- a/2005/0xxx/CVE-2005-0072.json +++ b/2005/0xxx/CVE-2005-0072.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-655", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-655" - }, - { - "name" : "MDKSA-2005:012", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:012" - }, - { - "name" : "12343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12343" - }, - { - "name" : "1012977", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012977" - }, - { - "name" : "13977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13977" - }, - { - "name" : "13982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13982" - }, - { - "name" : "13987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13987" - }, - { - "name" : 
"zhcon-information-disclosure(19045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12343" + }, + { + "name": "1012977", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012977" + }, + { + "name": "13982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13982" + }, + { + "name": "MDKSA-2005:012", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:012" + }, + { + "name": "13977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13977" + }, + { + "name": "DSA-655", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-655" + }, + { + "name": "13987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13987" + }, + { + "name": "zhcon-information-disclosure(19045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19045" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0191.json b/2005/0xxx/CVE-2005-0191.json index 32f743c6300..9a7951759e0 100644 --- a/2005/0xxx/CVE-2005-0191.json +++ b/2005/0xxx/CVE-2005-0191.json 
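Review bot: The `reference_data` array for CVE-2005-0072 is reordered on the new side with no visible sort key (BID, SECTRACK, SECUNIA, MANDRAKE, SECUNIA, DEBIAN, SECUNIA, XF), on top of the `"key" : ` to `"key": ` spacing change, so the hunk cannot be checked by eye for dropped or altered advisory links. The same shuffle appears in the CVE-2005-0191, CVE-2005-0519, CVE-2005-0638, CVE-2005-1102, CVE-2005-1174 and CVE-2005-1646 sections. A stable order, for example sorted by `refsource` and then `name` so that this record starts with `"refsource": "BID"` followed by `"refsource": "DEBIAN"`, would stop later regenerations from rewriting every record. It would also let a reviewer confirm that the set of URLs is unchanged by comparing parsed entries rather than text. The new files also end without a trailing newline (`\ No newline at end of file`).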
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109707741022291&w=2" - }, - { - "name" : "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110616302008401&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/real-03full.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/real-03full.txt" - }, - { - "name" : "http://service.real.com/help/faq/security/040928_player/EN/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/040928_player/EN/" - }, - { - "name" : 
"realplayer-long-filename-offbyone-bo(18982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "realplayer-long-filename-offbyone-bo(18982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18982" + }, + { + "name": "http://www.ngssoftware.com/advisories/real-03full.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/real-03full.txt" + }, + { + "name": "20050119 RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110616302008401&w=2" + }, + { + "name": "http://service.real.com/help/faq/security/040928_player/EN/", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/040928_player/EN/" + }, + { + "name": "20041006 Patch available for multiple high risk vulnerabilities in RealPlayer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109707741022291&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0363.json b/2005/0xxx/CVE-2005-0363.json index 3a2242bbf4e..239d25f85b3 100644 --- a/2005/0xxx/CVE-2005-0363.json +++ b/2005/0xxx/CVE-2005-0363.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-0363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-682", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-682" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-682", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-682" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0519.json b/2005/0xxx/CVE-2005-0519.json index d3141edd2be..a4c43a70304 100644 --- a/2005/0xxx/CVE-2005-0519.json +++ b/2005/0xxx/CVE-2005-0519.json 
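Review bot: `"ASSIGNER": "security@debian.org"` in CVE-2005-0363 changes the record's provenance from `cve@mitre.org`, and it sits in a hunk that otherwise only changes whitespace, so it is easy to miss in review. Every other record visible in this diff keeps `cve@mitre.org`, so the change looks deliberate rather than a formatter side effect, but nothing visible here says why. Presumably it follows from the Debian advisory (DSA-682) in the references, which is worth confirming. Consumers that filter or attribute records by ASSIGNER will see this entry move, so the reassignment should be named in the commit description or split into its own commit, apart from the reformatting.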
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.argosoft.com/ftpserver/changelist.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.argosoft.com/ftpserver/changelist.aspx" - }, - { - "name" : "12487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12487" - }, - { - "name" : "13614", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13614" - }, - { - "name" : "14172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14172" - }, - { - "name" : "argosoft-ink-file-upload(17939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12487" + }, + { + "name": "13614", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13614" + }, + { + "name": "argosoft-ink-file-upload(17939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17939" + }, + { + "name": "http://www.argosoft.com/ftpserver/changelist.aspx", + "refsource": "CONFIRM", + "url": "http://www.argosoft.com/ftpserver/changelist.aspx" + }, + { + "name": "14172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14172" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0638.json b/2005/0xxx/CVE-2005-0638.json index a3455fd2990..d170803e4a1 100644 --- a/2005/0xxx/CVE-2005-0638.json +++ b/2005/0xxx/CVE-2005-0638.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf" - }, - { - "name" : "DSA-695", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-695" - }, - { - "name" : "FLSA-2006:152923", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/433935/30/5010/threaded" - }, - { - "name" : "GLSA-200503-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200503-05.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=79762", - "refsource" : "CONFIRM", - "url" : 
"http://bugs.gentoo.org/show_bug.cgi?id=79762" - }, - { - "name" : "RHSA-2005:332", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-332.html" - }, - { - "name" : "12712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12712" - }, - { - "name" : "14365", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14365" - }, - { - "name" : "oval:org.mitre.oval:def:10898", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898" - }, - { - "name" : "14459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14459" - }, - { - "name" : "14462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12712" + }, + { + "name": "GLSA-200503-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200503-05.xml" + }, + { + "name": "14459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14459" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=79762", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=79762" + }, + { + "name": "DSA-695", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-695" + }, + { + "name": "RHSA-2005:332", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-332.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf" + }, + { + "name": "14462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14462" + }, + { + "name": "oval:org.mitre.oval:def:10898", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10898" + }, + { + "name": "FLSA-2006:152923", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/433935/30/5010/threaded" + }, + { + "name": "14365", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14365" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0665.json b/2005/0xxx/CVE-2005-0665.json index 06f50b784e9..6653ad1f032 100644 --- a/2005/0xxx/CVE-2005-0665.json +++ b/2005/0xxx/CVE-2005-0665.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200503-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-09.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=83686", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=83686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200503-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-09.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=83686", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=83686" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1102.json b/2005/1xxx/CVE-2005-1102.json index 8e7f68209a3..8cb8fc13d2c 100644 --- a/2005/1xxx/CVE-2005-1102.json +++ b/2005/1xxx/CVE-2005-1102.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050412 WordPress XSS and HTML injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111336102101571&w=2" - }, - { - "name" : "http://wordpress.org/support/topic.php?id=30721", - "refsource" : "MISC", - "url" : "http://wordpress.org/support/topic.php?id=30721" - }, - { - "name" : "GLSA-200506-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200506-04.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=88926", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=88926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050412 WordPress XSS and HTML injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111336102101571&w=2" + }, + { + "name": "GLSA-200506-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200506-04.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=88926", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=88926" + }, + { + "name": "http://wordpress.org/support/topic.php?id=30721", + "refsource": "MISC", + "url": "http://wordpress.org/support/topic.php?id=30721" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1174.json b/2005/1xxx/CVE-2005-1174.json index a92be93d293..ca00617bc36 100644 --- a/2005/1xxx/CVE-2005-1174.json +++ b/2005/1xxx/CVE-2005-1174.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112122123211974&w=2" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt" - }, - { - "name" : "IY85474", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" 
: "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "DSA-757", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-757" - }, - { - "name" : "RHSA-2005:567", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-567.html" - }, - { - "name" : "20050703-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc" - }, - { - "name" : "101809", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1" - }, - { - "name" : "SUSE-SR:2005:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_17_sr.html" - }, - { - "name" : "TLSA-2005-78", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt" - }, - { - "name" : "2005-0036", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0036" - }, - { - "name" : "USN-224-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/224-1/" - }, - { - "name" : "VU#259798", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/259798" - }, - { - "name" : "14240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14240" - }, - { - "name" : "oval:org.mitre.oval:def:10229", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10229" - }, - { - "name" : "ADV-2005-1066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1066" - }, - { - "name" : "ADV-2006-2074", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2074" - }, - { - "name" : "oval:org.mitre.oval:def:397", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A397" - }, - { - "name" : "1014460", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1014460" - }, - { - "name" : "16041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16041" - }, - { - "name" : "17899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17899" - }, - { - "name" : "20364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20364" - }, - { - "name" : "kerberos-kdc-krb5-tcp-connection-dos(21327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20364" + }, + { + "name": "RHSA-2005:567", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-567.html" + }, + { + "name": "SUSE-SR:2005:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_17_sr.html" + }, + { + "name": "kerberos-kdc-krb5-tcp-connection-dos(21327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21327" + }, + { + "name": "VU#259798", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/259798" + }, + { + "name": "20050712 MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112122123211974&w=2" + }, + { + "name": "1014460", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014460" + }, 
+ { + "name": "ADV-2006-2074", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2074" + }, + { + "name": "oval:org.mitre.oval:def:397", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A397" + }, + { + "name": "101809", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt" + }, + { + "name": "TLSA-2005-78", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2005/TLSA-2005-78.txt" + }, + { + "name": "IY85474", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474" + }, + { + "name": "20050703-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc" + }, + { + "name": "14240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14240" + }, + { + "name": "16041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16041" + }, + { + "name": "USN-224-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/224-1/" + }, + { + "name": "DSA-757", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-757" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:10229", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10229" + }, + { + "name": "17899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17899" + }, + { + "name": "ADV-2005-1066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1066" + }, + { + "name": 
"APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "2005-0036", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0036" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1646.json b/2005/1xxx/CVE-2005-1646.json index ee816651ac3..c996bd0c8d6 100644 --- a/2005/1xxx/CVE-2005-1646.json +++ b/2005/1xxx/CVE-2005-1646.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security.org.sg/vuln/netfileftp746port.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/netfileftp746port.html" - }, - { - "name" : "ADV-2005-0556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0556" - }, - { - "name" : "16621", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16621" - }, - { - "name" : "15394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-0556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0556" + }, + { + "name": "15394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15394" + }, + { + "name": "16621", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16621" + }, + { + "name": "http://www.security.org.sg/vuln/netfileftp746port.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/netfileftp746port.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1688.json b/2005/1xxx/CVE-2005-1688.json index 2a4feb90025..f37f6d42c0c 100644 --- a/2005/1xxx/CVE-2005-1688.json +++ b/2005/1xxx/CVE-2005-1688.json 
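Review bot: The new side of this file ends with `\ No newline at end of file`, whereas the old side closed with a newline-terminated `}`; the same marker follows every other file section visible in this diff, so the serializer that produced the reformat should emit a trailing newline. The `reference_data` entries are also reordered in this hunk (the MISC entry moves from first to last) with no visible sort key. The same reshuffling appears in the CVE-2005-4046, CVE-2005-4468, CVE-2005-4779, CVE-2005-4839, CVE-2009-0131 and CVE-2009-0879 hunks. Writing references in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs limited to real content changes and make unexpected edits to a record easier to spot.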
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050520 [BuHa Security] Wordpress SQL-Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111661517716733&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050520 [BuHa Security] Wordpress SQL-Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111661517716733&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4046.json b/2005/4xxx/CVE-2005-4046.json index 67cbb7c78ee..96131338128 100644 --- a/2005/4xxx/CVE-2005-4046.json +++ b/2005/4xxx/CVE-2005-4046.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and \"compromise data privacy.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102012", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1" - }, - { - "name" : "15728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15728" - }, - { - "name" : "ADV-2005-2753", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2753" - }, - { - "name" : "1015312", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015312" - }, - { - "name" : "17873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17873" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and \"compromise data privacy.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102012", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1" + }, + { + "name": "ADV-2005-2753", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2753" + }, + { + "name": "1015312", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015312" + }, + { + "name": "15728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15728" + }, + { + "name": "17873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17873" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4468.json b/2005/4xxx/CVE-2005-4468.json index 95cf86db1dc..49707484c25 100644 --- a/2005/4xxx/CVE-2005-4468.json +++ b/2005/4xxx/CVE-2005-4468.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 PHPGedView <= 3.3.7 remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419906/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/phpgedview_337_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/phpgedview_337_xpl.html" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63&r2=1.64", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63&r2=1.64" - }, - { - "name" : "https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081", - "refsource" : "CONFIRM", - "url" : 
"https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081" - }, - { - "name" : "15983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15983" - }, - { - "name" : "ADV-2005-3033", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3033" - }, - { - "name" : "22009", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22009" - }, - { - "name" : "1015395", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015395" - }, - { - "name" : "18177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18177" - }, - { - "name" : "phpgedview-helptextvars-file-include(23871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15983" + }, + { + "name": "http://rgod.altervista.org/phpgedview_337_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/phpgedview_337_xpl.html" + }, + { + "name": "20051220 PHPGedView <= 3.3.7 remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419906/100/0/threaded" + }, + { + "name": "phpgedview-helptextvars-file-include(23871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23871" + }, + { + "name": "18177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18177" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63&r2=1.64", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63&r2=1.64" + }, + { + "name": "ADV-2005-3033", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3033" + }, + { + "name": "22009", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22009" + }, + { + "name": "1015395", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015395" + }, + { + "name": "https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4779.json b/2005/4xxx/CVE-2005-4779.json index 55fa4657e85..1d431e1c5f1 100644 --- a/2005/4xxx/CVE-2005-4779.json +++ b/2005/4xxx/CVE-2005-4779.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netbsd-announce] 20051031 Announcing update 2.0.3 - source only", - "refsource" : "MLIST", - "url" : "http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/verified_exec.c.diff?r1=1.4&r2=1.4.2.1&f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/verified_exec.c.diff?r1=1.4&r2=1.4.2.1&f=h" - }, - { - "name" : "http://releng.netbsd.org/cgi-bin/req-2-0.cgi?show=1988", - "refsource" : "CONFIRM", - "url" : "http://releng.netbsd.org/cgi-bin/req-2-0.cgi?show=1988" - }, - { - "name" : "20725", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20725" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://releng.netbsd.org/cgi-bin/req-2-0.cgi?show=1988", + "refsource": "CONFIRM", + "url": "http://releng.netbsd.org/cgi-bin/req-2-0.cgi?show=1988" + }, + { + "name": "[netbsd-announce] 20051031 Announcing update 2.0.3 - source only", + "refsource": "MLIST", + "url": "http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/verified_exec.c.diff?r1=1.4&r2=1.4.2.1&f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/verified_exec.c.diff?r1=1.4&r2=1.4.2.1&f=h" + }, + { + "name": "20725", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20725" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4839.json b/2005/4xxx/CVE-2005-4839.json index 7d31c2b3d72..87cee354e70 100644 --- a/2005/4xxx/CVE-2005-4839.json +++ b/2005/4xxx/CVE-2005-4839.json 
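Review bot: The description on the new side still reads `UID_SYSSPACE`, which looks like a typo for `UIO_SYSSPACE`, the counterpart of the `UIO_USERSPACE` value named in the same sentence. The text is identical on the removed side, so this commit did not introduce it and the correction probably has to go through the CVE record's owner rather than this reformat. Proposed wording: `calls NDINIT with UIO_USERSPACE rather than UIO_SYSSPACE`.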
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-4839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[TLS] 20050602 ANNOUNCE: PureTLS 0.9b5", - "refsource" : "MLIST", - "url" : "http://www1.ietf.org/mail-archive/web/tls/current/msg00229.html" - }, - { - "name" : "http://www.rtfm.com/puretls/", - "refsource" : "CONFIRM", - "url" : "http://www.rtfm.com/puretls/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rtfm.com/puretls/", + "refsource": "CONFIRM", + "url": "http://www.rtfm.com/puretls/" + }, + { + "name": "[TLS] 20050602 ANNOUNCE: PureTLS 0.9b5", + "refsource": "MLIST", + "url": "http://www1.ietf.org/mail-archive/web/tls/current/msg00229.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0131.json b/2009/0xxx/CVE-2009-0131.json index bdba8198f29..49a3afca47f 100644 --- a/2009/0xxx/CVE-2009-0131.json +++ b/2009/0xxx/CVE-2009-0131.json 
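Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, a value change inside a diff whose other visible hunks only rewrite `"key" : value` spacing and reorder references. Nothing else in the record points to the new assigner: vendor and product stay `n/a`, and the two references are an rtfm.com page and an IETF TLS list post. The reassignment should therefore be confirmed as intended and not a side effect of the regeneration. If it is intended, it belongs in its own commit with a message saying so, because consumers that attribute or filter records by assigner will see ownership of CVE-2005-4839 move without explanation.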
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UFS implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6711995", - "refsource" : "CONFIRM", - "url" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6711995" - }, - { - "name" : "239188", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239188-1" - }, - { - "name" : "33267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33267" - }, - { - "name" : "1021600", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UFS 
implementation in the kernel in Sun OpenSolaris snv_29 through snv_90 allows local users to cause a denial of service (panic) via the single posix_fallocate test in the SUSv3 POSIX test suite, related to an F_ALLOCSP fcntl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "239188", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239188-1" + }, + { + "name": "1021600", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021600" + }, + { + "name": "http://bugs.opensolaris.org/view_bug.do?bug_id=6711995", + "refsource": "CONFIRM", + "url": "http://bugs.opensolaris.org/view_bug.do?bug_id=6711995" + }, + { + "name": "33267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33267" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0308.json b/2009/0xxx/CVE-2009-0308.json index a48cd737e5d..483a2fb480d 100644 --- a/2009/0xxx/CVE-2009-0308.json +++ b/2009/0xxx/CVE-2009-0308.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0308", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0308", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0879.json b/2009/0xxx/CVE-2009-0879.json index 4a8b2aab71d..363ac6de68f 100644 --- a/2009/0xxx/CVE-2009-0879.json +++ b/2009/0xxx/CVE-2009-0879.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501638/100/0/threaded" - }, - { - "name" : "8190", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8190" - }, - { - "name" : "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt" - }, - { - "name" : "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8", - "refsource" : "MISC", - "url" : 
"https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8" - }, - { - "name" : "34061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34061" - }, - { - "name" : "52615", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52615" - }, - { - "name" : "1021825", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021825" - }, - { - "name" : "34212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34212" - }, - { - "name" : "ADV-2009-0656", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0656" - }, - { - "name" : "director-cim-consumer-dos(49285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0656", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0656" + }, + { + "name": "52615", + "refsource": "OSVDB", + "url": "http://osvdb.org/52615" + }, + { + "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded" + }, + { + "name": "34212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34212" + }, + { + "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8", + "refsource": "MISC", + "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8" + }, + { + "name": "director-cim-consumer-dos(49285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285" + }, + { + "name": "1021825", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021825" + }, + { + "name": "34061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34061" + }, + { + "name": "8190", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8190" + }, + { + "name": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0928.json b/2009/0xxx/CVE-2009-0928.json index 8b0f2c8ffa9..b6cdc666b1d 100644 --- a/2009/0xxx/CVE-2009-0928.json +++ b/2009/0xxx/CVE-2009-0928.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090324 Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html" - }, - { - "name" : "GLSA-200904-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-17.xml" - }, - { - "name" : "RHSA-2009:0376", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0376.html" - }, - { - 
"name" : "256788", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1" - }, - { - "name" : "SUSE-SA:2009:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html" - }, - { - "name" : "SUSE-SR:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" - }, - { - "name" : "34229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34229" - }, - { - "name" : "1021892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021892" - }, - { - "name" : "34392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34392" - }, - { - "name" : "34490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34490" - }, - { - "name" : "34706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34706" - }, - { - "name" : "34790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34790" - }, - { - "name" : "ADV-2009-1019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090324 Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776" + }, + { + "name": "34790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34790" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html" + }, + { + "name": "34229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34229" + }, + { + "name": "34490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34490" + }, + { + "name": "1021892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021892" + }, + { + "name": "RHSA-2009:0376", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html" + }, + { + "name": "34392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34392" + }, + { + "name": "SUSE-SA:2009:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html" + }, + { + "name": "34706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34706" + }, + { + "name": "256788", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1" + }, + { + "name": "GLSA-200904-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-17.xml" + }, + { + "name": "SUSE-SR:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" + }, + { + "name": "ADV-2009-1019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1019" + } + ] 
+ } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0954.json b/2009/0xxx/CVE-2009-0954.json index 427f19043ff..27abca9f13f 100644 --- a/2009/0xxx/CVE-2009-0954.json +++ b/2009/0xxx/CVE-2009-0954.json 
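Review bot: The new side of CVE-2009-0928.json ends with `}` and no trailing newline (`\ No newline at end of file`), where the old side ended with one. The other file hunks in this diff do the same. The hunk also reorders the `reference_data` entries without adding or removing any, so all 127 lines show as changed although the record content is the same. Keeping the final newline and emitting references in a stable order, for example sorted by `refsource` then `name`, would leave only real content changes visible in later diffs.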
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3591", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3591" - }, - { - "name" : "APPLE-SA-2009-06-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html" - }, - { - "name" : "35167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35167" - }, - { - "name" : "54875", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54875" - }, - { - "name" : "oval:org.mitre.oval:def:15344", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15344" - }, - { - "name" : "1022314", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1022314" - }, - { - "name" : "35091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35091" - }, - { - "name" : "ADV-2009-1469", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1469" - }, - { - "name" : "quicktime-crgn-bo(50892)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35091" + }, + { + "name": "quicktime-crgn-bo(50892)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50892" + }, + { + "name": "http://support.apple.com/kb/HT3591", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3591" + }, + { + "name": "1022314", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022314" + }, + { + "name": "ADV-2009-1469", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1469" + }, + { + "name": "35167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35167" + }, + { + "name": "oval:org.mitre.oval:def:15344", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15344" + }, + { + "name": "54875", + "refsource": "OSVDB", + "url": "http://osvdb.org/54875" + }, + { + 
"name": "APPLE-SA-2009-06-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0968.json b/2009/0xxx/CVE-2009-0968.json index 00a8f1f90ba..be1adab3772 100644 --- a/2009/0xxx/CVE-2009-0968.json +++ b/2009/0xxx/CVE-2009-0968.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8229", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8229" - }, - { - "name" : "34147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34147" - }, - { - "name" : "52836", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52836" - }, - { - "name" : "34341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34341" - }, - { - "name" : "ADV-2009-0752", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0752" - }, - { - "name" : "fmoblog-index-sql-injection(49296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49296" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52836", + "refsource": "OSVDB", + "url": "http://osvdb.org/52836" + }, + { + "name": "8229", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8229" + }, + { + "name": "fmoblog-index-sql-injection(49296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49296" + }, + { + "name": "ADV-2009-0752", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0752" + }, + { + "name": "34341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34341" + }, + { + "name": "34147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34147" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1158.json b/2009/1xxx/CVE-2009-1158.json index 2b02175c140..25adde68fa4 100644 --- a/2009/1xxx/CVE-2009-1158.json +++ b/2009/1xxx/CVE-2009-1158.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-1158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" - }, - { - "name" : "34429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34429" - }, - { - "name" : "53444", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53444" - }, - { - "name" : "1022015", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022015" - }, - { - "name" : "34607", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/34607" - }, - { - "name" : "ADV-2009-0981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0981" + }, + { + "name": "34429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34429" + }, + { + "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" + }, + { + "name": "34607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34607" + }, + { + "name": "1022015", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022015" + }, + { + "name": "53444", + "refsource": "OSVDB", + "url": "http://osvdb.org/53444" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3141.json b/2009/3xxx/CVE-2009-3141.json index a5ecae26c96..4e180de60e5 100644 --- a/2009/3xxx/CVE-2009-3141.json +++ b/2009/3xxx/CVE-2009-3141.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3141", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-3141", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3315.json b/2009/3xxx/CVE-2009-3315.json index 6d924cb5c4a..44fae7903dd 100644 --- a/2009/3xxx/CVE-2009-3315.json +++ b/2009/3xxx/CVE-2009-3315.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9712", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9712" - }, - { - "name" : "36444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36444" - }, - { - "name" : "nephp-publisher-index-sql-injection(53332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36444" + }, + { + "name": "nephp-publisher-index-sql-injection(53332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53332" + }, + { + "name": "9712", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9712" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3583.json b/2009/3xxx/CVE-2009-3583.json index 064462a8716..41ce5fb6d8a 100644 --- a/2009/3xxx/CVE-2009-3583.json +++ b/2009/3xxx/CVE-2009-3583.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091221 SQL-Ledger â?? 
several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508559/100/0/threaded" - }, - { - "name" : "37431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37431" - }, - { - "name" : "37877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37877" - }, - { - "name" : "sqlledger-countrycode-file-include(54967)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sqlledger-countrycode-file-include(54967)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54967" + }, + { + "name": "20091221 SQL-Ledger â?? several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded" + }, + { + "name": "37877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37877" + }, + { + "name": "37431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37431" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3693.json b/2009/3xxx/CVE-2009-3693.json index 43cff126708..c88bef9448b 100644 --- a/2009/3xxx/CVE-2009-3693.json +++ b/2009/3xxx/CVE-2009-3693.json 
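Review bot: The BUGTRAQ reference name in CVE-2009-3583.json still carries the mis-encoded sequence `â??` on the new side (`"name": "20091221 SQL-Ledger â?? several vulnerabilities"`); the rewrite copies it over unchanged. It looks like a dash that was decoded with the wrong charset, although the page does not show the original title. Since the file is being rewritten anyway, the field could be repaired, e.g. `"name": "20091221 SQL-Ledger - several vulnerabilities",` once the title has been checked against the linked Bugtraq post. Consumers that match on reference names would otherwise keep a string that differs from the advisory title.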
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \\.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://retrogod.altervista.org/9sg_hp_loadrunner.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_hp_loadrunner.html" - }, - { - "name" : "36898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \\.. 
(backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36898" + }, + { + "name": "http://retrogod.altervista.org/9sg_hp_loadrunner.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_hp_loadrunner.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4033.json b/2009/4xxx/CVE-2009-4033.json index caab16a8fb7..6da972f1890 100644 --- a/2009/4xxx/CVE-2009-4033.json +++ b/2009/4xxx/CVE-2009-4033.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=515062", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=515062" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=542926", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=542926" - }, - { - "name" : "MDVSA-2009:342", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:342" - }, - { - "name" : "RHSA-2009:1642", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2009-1642.html" - }, - { - "name" : "37249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37249" - }, - { - "name" : "oval:org.mitre.oval:def:10555", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10555" - }, - { - "name" : "1023284", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023284" - }, - { - "name" : "acpid-logfile-privilege-escalation(54677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37249" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=542926", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542926" + }, + { + "name": "1023284", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023284" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=515062", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515062" + }, + { + "name": "oval:org.mitre.oval:def:10555", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10555" + }, + { + "name": "RHSA-2009:1642", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1642.html" + }, + { + "name": "acpid-logfile-privilege-escalation(54677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54677" + }, + { + "name": "MDVSA-2009:342", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:342" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4129.json b/2009/4xxx/CVE-2009-4129.json index 3709517242b..0037f84cdcf 100644 --- a/2009/4xxx/CVE-2009-4129.json +++ b/2009/4xxx/CVE-2009-4129.json 
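Review bot: The `ASSIGNER` field changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and to `psirt@cisco.com` in the CVE-2009-1158 hunk earlier in the diff. Both changes sit inside a whole-file whitespace and reference-order rewrite, so the one field that records which CNA owns the record is easy to miss in review. The record's provenance changes with it, so it deserves a diff of its own. With the formatting pass landed separately the change would read as the single line `"ASSIGNER": "secalert@redhat.com",`. The `affects` block still reports `"vendor_name": "n/a"` after the reassignment; whether that is intended cannot be told from this hunk.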
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091205 Mozilla Firefox JavaScript Prompt Spoofing Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-12/0104.html" - }, - { - "name" : "37230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37230" - }, - { - "name" : "1023287", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023287" - }, - { - "name" : "firefox-javascript-spoofing(54611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "firefox-javascript-spoofing(54611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54611" + }, + { + "name": "20091205 Mozilla Firefox JavaScript Prompt Spoofing Weakness", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0104.html" + }, + { + "name": "1023287", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023287" + }, + { + "name": "37230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37230" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4325.json b/2009/4xxx/CVE-2009-4325.json index f5f1f9e82f2..678d15d8630 100644 --- a/2009/4xxx/CVE-2009-4325.json +++ b/2009/4xxx/CVE-2009-4325.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite \"external memory\" via unknown vectors, related to a missing \"check for null pointers.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" - }, - { - "name" : "IC64702", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702" - }, - { - "name" : "LI72709", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709" - }, - { - "name" : "LI74500", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500" - }, - { - "name" : "LI74504", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504" - }, - { - "name" : "37332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37332" - }, - { - "name" : "37759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37759" - }, - { - "name" : "ADV-2009-3520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite \"external memory\" via unknown vectors, related to a missing \"check for null pointers.\"" + } + ] + }, 
+ "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" + }, + { + "name": "LI72709", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI72709" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "LI74500", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI74500" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" + }, + { + "name": "IC64702", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64702" + }, + { + "name": "ADV-2009-3520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3520" + }, + { + "name": "37332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37332" + }, + { + "name": "LI74504", + "refsource": "AIXAPAR", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1LI74504" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" + }, + { + "name": "37759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37759" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4456.json b/2009/4xxx/CVE-2009-4456.json index 622e3ec66f2..61a7dd0f986 100644 --- a/2009/4xxx/CVE-2009-4456.json +++ b/2009/4xxx/CVE-2009-4456.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10710", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10710" - }, - { - "name" : "61353", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61353" - }, - { - "name" : "37839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10710", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10710" + }, + { + "name": "37839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37839" + }, + { + "name": "61353", + "refsource": "OSVDB", + "url": "http://osvdb.org/61353" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4911.json b/2009/4xxx/CVE-2009-4911.json index ae98f40a240..fec5e54bf4e 100644 --- a/2009/4xxx/CVE-2009-4911.json +++ b/2009/4xxx/CVE-2009-4911.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4941.json b/2009/4xxx/CVE-2009-4941.json index 3c20434593d..c46c2163300 100644 --- a/2009/4xxx/CVE-2009-4941.json +++ b/2009/4xxx/CVE-2009-4941.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/115/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/115/45/" - }, - { - "name" : "54798", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/54798" - }, - { - "name" : "35173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35173" - }, - { - "name" : "acollab-signin-xss(50833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary 
web script or HTML via the f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acollab-signin-xss(50833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50833" + }, + { + "name": "54798", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/54798" + }, + { + "name": "35173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35173" + }, + { + "name": "http://holisticinfosec.org/content/view/115/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/115/45/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4953.json b/2009/4xxx/CVE-2009-4953.json index fe9fd57fd2a..53e2424808c 100644 --- a/2009/4xxx/CVE-2009-4953.json +++ b/2009/4xxx/CVE-2009-4953.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2141.json b/2012/2xxx/CVE-2012-2141.json index aa91f9b06d9..f72234ba7a8 100644 --- a/2012/2xxx/CVE-2012-2141.json +++ b/2012/2xxx/CVE-2012-2141.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/26/2" - }, - { - "name" : "[oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/26/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=815813", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=815813" - }, - { - "name" : 
"http://support.citrix.com/article/CTX139049", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX139049" - }, - { - "name" : "GLSA-201409-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml" - }, - { - "name" : "RHSA-2013:0124", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0124.html" - }, - { - "name" : "53255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53255" - }, - { - "name" : "53258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53258" - }, - { - "name" : "1026984", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026984" - }, - { - "name" : "48938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48938" - }, - { - "name" : "59974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59974" - }, - { - "name" : "netsnmp-snmpget-dos(75169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/26/3" + }, + { + "name": "RHSA-2013:0124", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0124.html" + }, + { + "name": "netsnmp-snmpget-dos(75169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75169" + }, + { + "name": "1026984", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026984" + }, + { + "name": "59974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59974" + }, + { + "name": "http://support.citrix.com/article/CTX139049", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX139049" + }, + { + "name": "[oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/26/2" + }, + { + "name": "GLSA-201409-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml" + }, + { + "name": "53258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53258" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=815813", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=815813" + }, + { + "name": "53255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53255" + }, + { + "name": "48938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48938" + } + ] + } +} \ No newline at end of file 
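Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, but it sits inside a whole-file rewrite that otherwise only normalizes `"key" : value` spacing and reorders `reference_data`, so it is easy to miss in review. The same assigner change appears in the CVE-2012-2353 and CVE-2012-2379 hunks, while the CVE-2009-4xxx hunks shown here keep `cve@mitre.org`. Since the assigner is the record's provenance field, I would land the formatting pass separately and put the `"ASSIGNER": "secalert@redhat.com"` updates in their own commit, with a message that says why the assigner changed. The reordered references also make it impractical to confirm by eye that no entry was dropped or altered; an automated comparison of the old and new reference sets per record would cover that.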
diff --git a/2012/2xxx/CVE-2012-2353.json b/2012/2xxx/CVE-2012-2353.json index d515894e050..9ca38cd222f 100644 --- a/2012/2xxx/CVE-2012-2353.json +++ b/2012/2xxx/CVE-2012-2353.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to \"Enrolled users\" under the Users Settings section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120523 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/05/23/2" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by 
leveraging the teacher role and navigating to \"Enrolled users\" under the Users Settings section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120523 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/05/23/2" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2379.json b/2012/2xxx/CVE-2012-2379.json index 3ba6cf6d170..c0ff3921742 100644 --- a/2012/2xxx/CVE-2012-2379.json +++ b/2012/2xxx/CVE-2012-2379.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cxf.apache.org/cve-2012-2379.html", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/cve-2012-2379.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1338219", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1338219" - }, - { - "name" : "RHSA-2012:1591", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1591.html" - }, - { - "name" : "RHSA-2012:1592", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1592.html" - }, - { - "name" : "RHSA-2012:1594", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2012-1594.html" - }, - { - "name" : "RHSA-2013:0191", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html" - }, - { - "name" : "RHSA-2013:0192", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html" - }, - { - "name" : "RHSA-2013:0193", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html" - }, - { - "name" : "RHSA-2013:0194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html" - }, - { - "name" : "RHSA-2013:0195", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html" - }, - { - "name" : "RHSA-2013:0196", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html" - }, - { - "name" : "RHSA-2013:0197", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html" - }, - { - "name" : "RHSA-2013:0198", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html" - }, - { - "name" : "RHSA-2012:1559", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1559.html" - }, - { - "name" : "RHSA-2012:1573", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1573.html" - }, - { - "name" : "RHSA-2012:1593", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1593.html" - }, - { - "name" : "51607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51607" - }, - { - "name" : "51984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML 
element is signed or encrypted, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1559", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1559.html" + }, + { + "name": "http://cxf.apache.org/cve-2012-2379.html", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/cve-2012-2379.html" + }, + { + "name": "RHSA-2013:0192", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" + }, + { + "name": "RHSA-2013:0198", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html" + }, + { + "name": "RHSA-2012:1594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" + }, + { + "name": "RHSA-2013:0195", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" + }, + { + "name": "RHSA-2013:0196", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" + }, + { + "name": "51607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51607" + }, + { + "name": "RHSA-2013:0193", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html" + }, + { + "name": "51984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51984" + }, + { + "name": "RHSA-2012:1592", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1338219", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1338219" + }, + { + "name": "RHSA-2013:0191", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" + }, + { + "name": "RHSA-2012:1593", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1593.html" + 
}, + { + "name": "RHSA-2012:1573", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1573.html" + }, + { + "name": "RHSA-2012:1591", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" + }, + { + "name": "RHSA-2013:0197", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html" + }, + { + "name": "RHSA-2013:0194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6338.json b/2012/6xxx/CVE-2012-6338.json index e1625d95d14..69197093d42 100644 --- a/2012/6xxx/CVE-2012-6338.json +++ b/2012/6xxx/CVE-2012-6338.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1241.json b/2015/1xxx/CVE-2015-1241.json index 97ff5c54e1f..36744fb969f 100644 --- a/2015/1xxx/CVE-2015-1241.json +++ b/2015/1xxx/CVE-2015-1241.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a \"tapjacking\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=418402", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=418402" - }, - { - "name" : "https://codereview.chromium.org/628763003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/628763003" - }, - { - "name" : "https://codereview.chromium.org/660663002", - "refsource" : "CONFIRM", - "url" : 
"https://codereview.chromium.org/660663002" - }, - { - "name" : "https://codereview.chromium.org/717573004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/717573004" - }, - { - "name" : "https://codereview.chromium.org/868123002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/868123002" - }, - { - "name" : "DSA-3238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3238" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "RHSA-2015:0816", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0816.html" - }, - { - "name" : "openSUSE-SU-2015:1887", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0748", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" - }, - { - "name" : "USN-2570-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2570-1" - }, - { - "name" : "1032209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a \"tapjacking\" attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0816", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html" + }, + { + "name": "https://codereview.chromium.org/660663002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/660663002" + }, + { + "name": "USN-2570-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2570-1" + }, + { + "name": "https://codereview.chromium.org/717573004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/717573004" + }, + { + "name": "DSA-3238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3238" + }, + { + "name": "openSUSE-SU-2015:1887", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "1032209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032209" + }, + { + "name": "https://codereview.chromium.org/868123002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/868123002" + }, + { + "name": "https://codereview.chromium.org/628763003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/628763003" + }, + { + "name": "openSUSE-SU-2015:0748", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=418402", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=418402" + } + ] + } 
+} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1260.json b/2015/1xxx/CVE-2015-1260.json index ce65934bdbc..e7dc6de759d 100644 --- a/2015/1xxx/CVE-2015-1260.json +++ b/2015/1xxx/CVE-2015-1260.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=474370", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=474370" - }, - { - "name" : "https://codereview.chromium.org/1075833002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1075833002" - }, - { - "name" : "DSA-3267", - "refsource" : 
"DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3267" - }, - { - "name" : "GLSA-201506-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201506-04" - }, - { - "name" : "openSUSE-SU-2015:1877", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" - }, - { - "name" : "openSUSE-SU-2015:0969", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" - }, - { - "name" : "74723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74723" - }, - { - "name" : "1032375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:0969", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html" + }, + { + "name": "https://codereview.chromium.org/1075833002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1075833002" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=474370", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=474370" + }, + { + "name": "GLSA-201506-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201506-04" + }, + { + "name": "openSUSE-SU-2015:1877", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html" + }, + { + "name": "1032375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032375" + }, + { + "name": "DSA-3267", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3267" + }, + { + "name": "74723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74723" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1699.json b/2015/1xxx/CVE-2015-1699.json index d6da86b2deb..a529a6a9bf5 100644 --- a/2015/1xxx/CVE-2015-1699.json +++ b/2015/1xxx/CVE-2015-1699.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" - }, - { - "name" : "1032280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, 
Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032280" + }, + { + "name": "MS15-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1862.json b/2015/1xxx/CVE-2015-1862.json index f3c2011c867..dfbd50e8690 100644 --- a/2015/1xxx/CVE-2015-1862.json +++ b/2015/1xxx/CVE-2015-1862.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "36746", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36746/" - }, - { - "name" : "36747", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36747/" - }, - { - "name" : "20150414 Problems in automatic crash analysis frameworks", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/34" - }, - { - "name" : "[oss-security] 20150414 Problems in automatic crash analysis frameworks", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/04/14/4" - }, - { - "name" : "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html" - }, - { - "name" : "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html" - }, - { - "name" : "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211223", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211223" - }, - { - "name" : "https://github.com/abrt/abrt/pull/810", - "refsource" : "CONFIRM", - "url" : "https://github.com/abrt/abrt/pull/810" - }, - { - "name" : "74263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1211223", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211223" + }, + { + "name": "[oss-security] 20150414 Problems in automatic crash analysis frameworks", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/04/14/4" + }, + { + "name": "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131422/Fedora-abrt-Race-Condition.html" + }, + { + "name": "36746", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36746/" + }, + { + "name": "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131429/Abrt-Apport-Race-Condition-Symlink.html" + }, + { + "name": "74263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74263" + }, + { + "name": "36747", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36747/" + }, + { + "name": "https://github.com/abrt/abrt/pull/810", + "refsource": "CONFIRM", + "url": "https://github.com/abrt/abrt/pull/810" + }, + { + "name": "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131423/Linux-Apport-Abrt-Local-Root-Exploit.html" + }, + { + "name": "20150414 Problems in automatic crash analysis frameworks", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/34" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1940.json b/2015/1xxx/CVE-2015-1940.json index 3430dfd0953..3ace2ff3bf1 100644 --- a/2015/1xxx/CVE-2015-1940.json 
+++ b/2015/1xxx/CVE-2015-1940.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1940", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1940", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5064.json b/2015/5xxx/CVE-2015-5064.json index 417d1ba1cb8..89a177be231 100644 --- a/2015/5xxx/CVE-2015-5064.json +++ b/2015/5xxx/CVE-2015-5064.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150621 mysql-lite-administrator XSS vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535809/100/0/threaded" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/132420/MySQL-Lite-Administrator-Beta-1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/132420/MySQL-Lite-Administrator-Beta-1-Cross-Site-Scripting.html" - }, - { - "name" : "75397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75397" + }, + { + "name": "http://packetstormsecurity.com/files/132420/MySQL-Lite-Administrator-Beta-1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132420/MySQL-Lite-Administrator-Beta-1-Cross-Site-Scripting.html" + }, + { + "name": "20150621 mysql-lite-administrator XSS vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535809/100/0/threaded" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5857.json b/2015/5xxx/CVE-2015-5857.json index c233042c8e7..10c6ce3482d 100644 --- a/2015/5xxx/CVE-2015-5857.json +++ b/2015/5xxx/CVE-2015-5857.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address 
via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5888.json b/2015/5xxx/CVE-2015-5888.json index d0274784fe9..eed520fe426 100644 --- a/2015/5xxx/CVE-2015-5888.json +++ b/2015/5xxx/CVE-2015-5888.json 
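Review bot: `"ASSIGNER": "product-security@apple.com"` replaces `cve@mitre.org` here, a value change that sits inside what otherwise reads as a whitespace-only rewrite. The CVE-2015-5888, CVE-2018-1002204 (now `report@snyk.io`) and CVE-2018-11057 (now `security_alert@emc.com`) hunks change the assigner the same way. Anything that attributes records to a CNA by this field will see these entries move, so the reassignment belongs in its own commit, or should be called out explicitly, separate from the reformatting. `vendor_name` and `product_name` are still `"n/a"` although the description names Apple iOS; filling them in would let product-based matching find this record.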
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002204.json b/2018/1002xxx/CVE-2018-1002204.json index e1a3f82327a..6e703b98336 100644 --- a/2018/1002xxx/CVE-2018-1002204.json +++ b/2018/1002xxx/CVE-2018-1002204.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-05-17T10:52Z", - "ID" : "CVE-2018-1002204", - "REQUESTER" : "danny@snyk.io", - "STATE" : "PUBLIC", - "UPDATED" : "2018-05-17T10:52Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "adm-zip", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "0.4.9" - } - ] - } - } - ] - }, - "vendor_name" : "node.js" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_ASSIGNED": "2018-05-17T10:52Z", + "ID": "CVE-2018-1002204", + "REQUESTER": "danny@snyk.io", + "STATE": "PUBLIC", + "UPDATED": "2018-05-17T10:52Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "adm-zip", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "0.4.9" + } + ] + } + } + ] + }, + "vendor_name": "node.js" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/snyk/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/snyk/zip-slip-vulnerability" - }, - { - "name" : "https://snyk.io/research/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://snyk.io/research/zip-slip-vulnerability" - }, - { - "name" : 
"https://snyk.io/vuln/npm:adm-zip:20180415", - "refsource" : "MISC", - "url" : "https://snyk.io/vuln/npm:adm-zip:20180415" - }, - { - "name" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25", - "refsource" : "CONFIRM", - "url" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25" - }, - { - "name" : "https://github.com/cthackers/adm-zip/pull/212", - "refsource" : "CONFIRM", - "url" : "https://github.com/cthackers/adm-zip/pull/212" - }, - { - "name" : "107001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name": "https://github.com/cthackers/adm-zip/pull/212", + "refsource": "CONFIRM", + "url": "https://github.com/cthackers/adm-zip/pull/212" + }, + { + "name": "107001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107001" + }, + { + "name": "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25", + "refsource": "CONFIRM", + "url": "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25" + }, + { + "name": "https://github.com/snyk/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name": "https://snyk.io/vuln/npm:adm-zip:20180415", + "refsource": "MISC", + "url": "https://snyk.io/vuln/npm:adm-zip:20180415" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11057.json b/2018/11xxx/CVE-2018-11057.json index bf4b573e32b..d8d6229895b 100644 --- a/2018/11xxx/CVE-2018-11057.json +++ b/2018/11xxx/CVE-2018-11057.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "ID" : "CVE-2018-11057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BSAFE Micro Edition Suite", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.0.11" - }, - { - "affected" : "<", - "version_value" : "4.1.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "RSA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Covert Timing Channel vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-11057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.0.11" + }, + { + "affected": "<", + "version_value": "4.1.6.1" + } + ] + } + } + ] + }, + "vendor_name": "RSA" + } ] - } - ] - }, - "references" : { - 
"reference_data" : [ - { - "name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/46" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Covert Timing Channel vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11739.json b/2018/11xxx/CVE-2018-11739.json index 37cee8be705..4d0507b7e78 100644 --- a/2018/11xxx/CVE-2018-11739.json +++ b/2018/11xxx/CVE-2018-11739.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sleuthkit/sleuthkit/issues/1267", - "refsource" : "MISC", - "url" : "https://github.com/sleuthkit/sleuthkit/issues/1267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. 
An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sleuthkit/sleuthkit/issues/1267", + "refsource": "MISC", + "url": "https://github.com/sleuthkit/sleuthkit/issues/1267" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11896.json b/2018/11xxx/CVE-2018-11896.json index 8ba68286265..3cc5fb94d79 100644 --- a/2018/11xxx/CVE-2018-11896.json +++ b/2018/11xxx/CVE-2018-11896.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11896", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11896", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3113.json b/2018/3xxx/CVE-2018-3113.json index 4f65b03d2f6..489adb3dcb6 100644 --- a/2018/3xxx/CVE-2018-3113.json 
+++ b/2018/3xxx/CVE-2018-3113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3235.json b/2018/3xxx/CVE-2018-3235.json index 3b800362c31..3e7c0c14141 100644 --- a/2018/3xxx/CVE-2018-3235.json +++ b/2018/3xxx/CVE-2018-3235.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Applications Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - }, - { - "version_affected" : "=", - "version_value" : "12.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + }, + { + "version_affected": "=", + "version_value": "12.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "105620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105620" - }, - { - "name" : "1041897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041897" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041897" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "105620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105620" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3629.json b/2018/3xxx/CVE-2018-3629.json index 2526aa9ff72..09c1ed0fe42 100644 --- a/2018/3xxx/CVE-2018-3629.json +++ b/2018/3xxx/CVE-2018-3629.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Active Management Technology", - "version" : { - "version_data" : [ - { - "version_value" : "3.x,4.x,5.x,6.x,7.x,8.x,9.x,10.x,11.x" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Active Management Technology", + "version": { + "version_data": [ + { + "version_value": "3.x,4.x,5.x,6.x,7.x,8.x,9.x,10.x,11.x" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us" - }, - { - "name" : "1041362", 
- "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041362", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041362" + }, + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7128.json b/2018/7xxx/CVE-2018-7128.json index 5414d941f17..a9bce876c62 100644 --- a/2018/7xxx/CVE-2018-7128.json +++ b/2018/7xxx/CVE-2018-7128.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7128", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7128", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7590.json b/2018/7xxx/CVE-2018-7590.json index 9dda3dc64e2..8b78c94e9c1 100644 --- a/2018/7xxx/CVE-2018-7590.json +++ b/2018/7xxx/CVE-2018-7590.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/havok89/Hoosk/issues/45", - "refsource" : "MISC", - "url" : "https://github.com/havok89/Hoosk/issues/45" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/havok89/Hoosk/issues/45", + "refsource": "MISC", + "url": "https://github.com/havok89/Hoosk/issues/45" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/7xxx/CVE-2018-7716.json b/2018/7xxx/CVE-2018-7716.json index aa11d19b4cd..5d558203b70 100644 --- a/2018/7xxx/CVE-2018-7716.json +++ b/2018/7xxx/CVE-2018-7716.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-7716",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the config string from the corresponding XPC message. This string is supposed to point to an internal OpenVPN configuration file. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the config string pointing at an OpenVPN configuration file that he or she controls. In the configuration file, an attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the root user."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-7716",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/VerSprite/research/edit/master/advisories/VS-2018-006.md",
- "refsource" : "MISC",
- "url" : "https://github.com/VerSprite/research/edit/master/advisories/VS-2018-006.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the config string from the corresponding XPC message. This string is supposed to point to an internal OpenVPN configuration file. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the config string pointing at an OpenVPN configuration file that he or she controls. In the configuration file, an attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the root user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/VerSprite/research/edit/master/advisories/VS-2018-006.md",
+ "refsource": "MISC",
+ "url": "https://github.com/VerSprite/research/edit/master/advisories/VS-2018-006.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8123.json b/2018/8xxx/CVE-2018-8123.json
index 4e311094e35..3dfe7c3f333 100644
--- a/2018/8xxx/CVE-2018-8123.json
+++ b/2018/8xxx/CVE-2018-8123.json
@@ -1,75 +1,75 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8123",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Edge",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Windows 10 Version 1709 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for x64-based Systems"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8123",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Windows 10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for x64-based Systems"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8123",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8123"
- },
- {
- "name" : "103965",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103965"
- },
- {
- "name" : "1040844",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040844"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8123",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8123"
+ },
+ {
+ "name": "103965",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103965"
+ },
+ {
+ "name": "1040844",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040844"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8190.json b/2018/8xxx/CVE-2018-8190.json
index 838825564a8..e688444b9ca 100644
--- a/2018/8xxx/CVE-2018-8190.json
+++ b/2018/8xxx/CVE-2018-8190.json
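Review bot: The `ASSIGNER` value in the CVE-2018-8123 hunk changes from `Secure@Microsoft.com` to `secure@microsoft.com`, a data change that is easy to overlook among the key-spacing and indentation rewrites that make up the rest of the hunk; the CVE-2018-8449 hunk makes the same change and also reorders its `reference_data` entries. A consumer that groups or filters records by the assigner string with a case-sensitive comparison would presumably see these records under a new assigner after this commit. The commit description should state that values are normalised as well as reformatted, and downstream matching on `ASSIGNER` is safer done case-insensitively.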
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8190",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8190",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8449.json b/2018/8xxx/CVE-2018-8449.json
index 6799ac7a14f..a32dddfb15a 100644
--- a/2018/8xxx/CVE-2018-8449.json
+++ b/2018/8xxx/CVE-2018-8449.json
@@ -1,127 +1,127 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8449",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Windows Server 2016",
- "version" : {
- "version_data" : [
- {
- "version_value" : "(Server Core installation)"
- }
- ]
- }
- },
- {
- "product_name" : "Windows 10",
- "version" : {
- "version_data" : [
- {
- "version_value" : "32-bit Systems"
- },
- {
- "version_value" : "Version 1607 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1607 for x64-based Systems"
- },
- {
- "version_value" : "Version 1703 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1703 for x64-based Systems"
- },
- {
- "version_value" : "Version 1709 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1709 for x64-based Systems"
- },
- {
- "version_value" : "Version 1803 for 32-bit Systems"
- },
- {
- "version_value" : "Version 1803 for x64-based Systems"
- },
- {
- "version_value" : "x64-based Systems"
- }
- ]
- }
- },
- {
- "product_name" : "Windows 10 Servers",
- "version" : {
- "version_data" : [
- {
- "version_value" : "version 1709 (Server Core Installation)"
- },
- {
- "version_value" : "version 1803 (Server Core Installation)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka \"Device Guard Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Security Feature Bypass"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8449",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows Server 2016",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "(Server Core installation)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "32-bit Systems"
+ },
+ {
+ "version_value": "Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "Version 1703 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1703 for x64-based Systems"
+ },
+ {
+ "version_value": "Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "x64-based Systems"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows 10 Servers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "version 1709 (Server Core Installation)"
+ },
+ {
+ "version_value": "version 1803 (Server Core Installation)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "45435",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45435/"
- },
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449"
- },
- {
- "name" : "105272",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105272"
- },
- {
- "name" : "1041642",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041642"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka \"Device Guard Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Security Feature Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1041642",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041642"
+ },
+ {
+ "name": "105272",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105272"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449"
+ },
+ {
+ "name": "45435",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45435/"
+ }
+ ]
+ }
+}
\ No newline at end of file