diff --git a/2002/2xxx/CVE-2002-2307.json b/2002/2xxx/CVE-2002-2307.json index 5790623028e..eac250b5492 100644 --- a/2002/2xxx/CVE-2002-2307.json +++ b/2002/2xxx/CVE-2002-2307.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.aerasec.de/security/advisories/txt/ae-200207-028-BenHur-activeFTPruleset.txt", - "refsource" : "MISC", - "url" : "http://www.aerasec.de/security/advisories/txt/ae-200207-028-BenHur-activeFTPruleset.txt" - }, - { - "name" : "5279", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5279" - }, - { - "name" : "benhur-protected-port-scan(9644)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9644.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting 
from source port 20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5279", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5279" + }, + { + "name": "http://www.aerasec.de/security/advisories/txt/ae-200207-028-BenHur-activeFTPruleset.txt", + "refsource": "MISC", + "url": "http://www.aerasec.de/security/advisories/txt/ae-200207-028-BenHur-activeFTPruleset.txt" + }, + { + "name": "benhur-protected-port-scan(9644)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9644.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2419.json b/2002/2xxx/CVE-2002-2419.json index e4981d3492b..fada03556ce 100644 --- a/2002/2xxx/CVE-2002-2419.json +++ b/2002/2xxx/CVE-2002-2419.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ac2i.tzo.com/dctc/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://ac2i.tzo.com/dctc/ChangeLog" - }, - { - "name" : "5781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5781" - }, - { - "name" : "dctc-null-byte-dos(10181)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10181.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dctc-null-byte-dos(10181)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10181.php" + }, + { + "name": "5781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5781" + }, + { + "name": "http://ac2i.tzo.com/dctc/ChangeLog", + "refsource": "CONFIRM", + "url": "http://ac2i.tzo.com/dctc/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0435.json b/2005/0xxx/CVE-2005-0435.json index 413b4d991d9..a22eab8b21b 100644 --- a/2005/0xxx/CVE-2005-0435.json +++ b/2005/0xxx/CVE-2005-0435.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050214 AWStats <= 6.4 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/390368" - }, - { - "name" : "14299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14299" - }, - { - "name" : "awstats-awstatpl-obtain-information(19333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14299" + }, + { + "name": "awstats-awstatpl-obtain-information(19333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19333" + }, + { + "name": "20050214 AWStats <= 6.4 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/390368" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0561.json b/2005/0xxx/CVE-2005-0561.json index 7a7530f029a..93443cc2a79 100644 --- a/2005/0xxx/CVE-2005-0561.json +++ b/2005/0xxx/CVE-2005-0561.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0561", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0561", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0922.json b/2005/0xxx/CVE-2005-0922.json index 07889fe041d..174ae7679e6 100644 
--- a/2005/0xxx/CVE-2005-0922.json +++ b/2005/0xxx/CVE-2005-0922.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html" - }, - { - "name" : "VU#146020", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/146020" - }, - { - "name" : "12923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12923" - }, - { - "name" : "1013585", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013585" - }, - { - "name" : "1013586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013586" - }, - { - "name" : 
"1013587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013587" - }, - { - "name" : "14741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12923" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html" + }, + { + "name": "1013586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013586" + }, + { + "name": "VU#146020", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/146020" + }, + { + "name": "1013587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013587" + }, + { + "name": "1013585", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013585" + }, + { + "name": "14741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14741" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1139.json b/2005/1xxx/CVE-2005-1139.json index f531ab5870d..dfa57ca183f 100644 --- a/2005/1xxx/CVE-2005-1139.json +++ b/2005/1xxx/CVE-2005-1139.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm", - "refsource" : "MISC", - "url" : "http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm" - }, - { - "name" : "http://www.geotrust.com/resources/advisory/sslorg/index.htm", - "refsource" : "MISC", - "url" : "http://www.geotrust.com/resources/advisory/sslorg/index.htm" - }, - { - "name" : "SUSE-SA:2005:031", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_31_opera.html" - }, - { - "name" : "13176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13176" - }, - { - "name" : "opera-ssl-spoofing(40503)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/40503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2005:031", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_31_opera.html" + }, + { + "name": "http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm", + "refsource": "MISC", + "url": "http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm" + }, + { + "name": "opera-ssl-spoofing(40503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40503" + }, + { + "name": "http://www.geotrust.com/resources/advisory/sslorg/index.htm", + "refsource": "MISC", + "url": "http://www.geotrust.com/resources/advisory/sslorg/index.htm" + }, + { + "name": "13176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13176" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1367.json b/2005/1xxx/CVE-2005-1367.json index ae6d55834a7..893173cf0f0 100644 --- a/2005/1xxx/CVE-2005-1367.json +++ b/2005/1xxx/CVE-2005-1367.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050516 Pico Server (pServ) Local Information Disclosure", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=111625623909003&w=2" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-012.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-012.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-012.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-012.txt" + }, + { + "name": "20050516 Pico Server (pServ) Local Information Disclosure", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=111625623909003&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1474.json b/2005/1xxx/CVE-2005-1474.json index 26e5eb16c98..252f0d5cc4d 100644 --- a/2005/1xxx/CVE-2005-1474.json +++ b/2005/1xxx/CVE-2005-1474.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-05-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00004.html" - }, - { - "name" : "13694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-05-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00004.html" + }, + { + "name": "13694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13694" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1628.json b/2005/1xxx/CVE-2005-1628.json index 26f5525725f..b4c56bdb7d7 100644 --- a/2005/1xxx/CVE-2005-1628.json +++ b/2005/1xxx/CVE-2005-1628.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061023 Application orders Linux in WebAPP v0.9.9.2.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449517/100/200/threaded" - }, - { - "name" : "20061024 Re: Application orders Linux in WebAPP v0.9.9.2.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449573/100/200/threaded" - }, - { - "name" : "http://www.soulblack.com.ar/repo/tools/sbwebapp.txt", - "refsource" : "MISC", - "url" : "http://www.soulblack.com.ar/repo/tools/sbwebapp.txt" - }, - { - "name" : "http://www.defacers.com.mx/advisories/3.txt", - "refsource" : "MISC", - "url" : "http://www.defacers.com.mx/advisories/3.txt" - }, - { - "name" : "13637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13637" - }, - { - 
"name" : "ADV-2005-0554", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.soulblack.com.ar/repo/tools/sbwebapp.txt", + "refsource": "MISC", + "url": "http://www.soulblack.com.ar/repo/tools/sbwebapp.txt" + }, + { + "name": "20061023 Application orders Linux in WebAPP v0.9.9.2.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449517/100/200/threaded" + }, + { + "name": "13637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13637" + }, + { + "name": "http://www.defacers.com.mx/advisories/3.txt", + "refsource": "MISC", + "url": "http://www.defacers.com.mx/advisories/3.txt" + }, + { + "name": "20061024 Re: Application orders Linux in WebAPP v0.9.9.2.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449573/100/200/threaded" + }, + { + "name": "ADV-2005-0554", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0554" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1802.json b/2005/1xxx/CVE-2005-1802.json index d1fb9ee08ab..f93423524fa 100644 --- a/2005/1xxx/CVE-2005-1802.json +++ b/2005/1xxx/CVE-2005-1802.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050531 Nortel VPN Router Malformed Packet DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/399423" - }, - { - "name" : "http://www.nta-monitor.com/news/vpn-flaws/nortel/vpn-router-dos/", - "refsource" : "MISC", - "url" : "http://www.nta-monitor.com/news/vpn-flaws/nortel/vpn-router-dos/" - }, - { - "name" : "13792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13792" - }, - { - "name" : "1014068", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nortel VPN Router (aka Contivity) allows remote 
attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014068", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014068" + }, + { + "name": "13792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13792" + }, + { + "name": "http://www.nta-monitor.com/news/vpn-flaws/nortel/vpn-router-dos/", + "refsource": "MISC", + "url": "http://www.nta-monitor.com/news/vpn-flaws/nortel/vpn-router-dos/" + }, + { + "name": "20050531 Nortel VPN Router Malformed Packet DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/399423" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1943.json b/2005/1xxx/CVE-2005-1943.json index 84167a1bac2..8655e6ac9c8 100644 --- a/2005/1xxx/CVE-2005-1943.json +++ b/2005/1xxx/CVE-2005-1943.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050608 2 SQL injection in Loki download manager v2.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111826992711703&w=2" - }, - { - "name" : "13898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13898" - }, - { - "name" : "13900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13900" - }, - { - "name" : "1014147", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014147" - }, - { - "name" : "15633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014147", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014147" + }, + { + "name": "13900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13900" + }, + { + "name": "20050608 2 SQL injection in Loki download manager v2.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111826992711703&w=2" + }, + { + "name": "13898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13898" + }, + { + "name": "15633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15633" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4231.json b/2005/4xxx/CVE-2005-4231.json index 12aad39ba82..91f1e216c77 100644 --- a/2005/4xxx/CVE-2005-4231.json +++ b/2005/4xxx/CVE-2005-4231.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-4231",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-4231",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://pridels0.blogspot.com/2005/12/link-up-gold-vuln.html",
- "refsource" : "MISC",
- "url" : "http://pridels0.blogspot.com/2005/12/link-up-gold-vuln.html"
- },
- {
- "name" : "15843",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/15843"
- },
- {
- "name" : "ADV-2005-2884",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/2884"
- },
- {
- "name" : "18031",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18031"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "15843",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/15843"
+ },
+ {
+ "name": "18031",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18031"
+ },
+ {
+ "name": "ADV-2005-2884",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/2884"
+ },
+ {
+ "name": "http://pridels0.blogspot.com/2005/12/link-up-gold-vuln.html",
+ "refsource": "MISC",
+ "url": "http://pridels0.blogspot.com/2005/12/link-up-gold-vuln.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/4xxx/CVE-2005-4470.json b/2005/4xxx/CVE-2005-4470.json
index 598b5d40072..c5cd7d3130a 100644
--- a/2005/4xxx/CVE-2005-4470.json
+++ b/2005/4xxx/CVE-2005-4470.json
@@ -1,112 +1,112 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-4470",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-4470",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20051220 [Overflow.pl] Blender BlenLoader Integer Overflow",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/419907/100/0/threaded"
- },
- {
- "name" : "http://www.overflow.pl/adv/blenderinteger.txt",
- "refsource" : "MISC",
- "url" : "http://www.overflow.pl/adv/blenderinteger.txt"
- },
- {
- "name" : "DSA-1039",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2006/dsa-1039"
- },
- {
- "name" : "GLSA-200601-08",
- "refsource" : "GENTOO",
- "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml"
- },
- {
- "name" : "USN-238-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/238-2/"
- },
- {
- "name" : "15981",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/15981"
- },
- {
- "name" : "ADV-2005-3032",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2005/3032"
- },
- {
- "name" : "18176",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18176"
- },
- {
- "name" : "18178",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18178"
- },
- {
- "name" : "18452",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18452"
- },
- {
- "name" : "19754",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19754"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "18178",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18178"
+ },
+ {
+ "name": "20051220 [Overflow.pl] Blender BlenLoader Integer Overflow",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/419907/100/0/threaded"
+ },
+ {
+ "name": "19754",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19754"
+ },
+ {
+ "name": "DSA-1039",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2006/dsa-1039"
+ },
+ {
+ "name": "ADV-2005-3032",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2005/3032"
+ },
+ {
+ "name": "http://www.overflow.pl/adv/blenderinteger.txt",
+ "refsource": "MISC",
+ "url": "http://www.overflow.pl/adv/blenderinteger.txt"
+ },
+ {
+ "name": "GLSA-200601-08",
+ "refsource": "GENTOO",
+ "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml"
+ },
+ {
+ "name": "18176",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18176"
+ },
+ {
+ "name": "15981",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/15981"
+ },
+ {
+ "name": "USN-238-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/238-2/"
+ },
+ {
+ "name": "18452",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18452"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2005/4xxx/CVE-2005-4607.json b/2005/4xxx/CVE-2005-4607.json
index e067b87e234..4e8bf1d0e4a 100644
--- a/2005/4xxx/CVE-2005-4607.json
+++ b/2005/4xxx/CVE-2005-4607.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2005-4607",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2005-4607",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html",
- "refsource" : "MISC",
- "url" : "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html"
- },
- {
- "name" : "16123",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/16123"
- },
- {
- "name" : "ADV-2006-0009",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/0009"
- },
- {
- "name" : "22143",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/22143"
- },
- {
- "name" : "18282",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/18282"
- },
- {
- "name" : "bugport-index-xss(23920)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23920"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "bugport-index-xss(23920)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23920"
+ },
+ {
+ "name": "ADV-2006-0009",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/0009"
+ },
+ {
+ "name": "18282",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/18282"
+ },
+ {
+ "name": "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html",
+ "refsource": "MISC",
+ "url": "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html"
+ },
+ {
+ "name": "16123",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/16123"
+ },
+ {
+ "name": "22143",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/22143"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/0xxx/CVE-2009-0320.json b/2009/0xxx/CVE-2009-0320.json
index a8db95d2225..bcc39ce272f 100644
--- a/2009/0xxx/CVE-2009-0320.json
+++ b/2009/0xxx/CVE-2009-0320.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-0320",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a \"benchmarking attack.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-0320",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20090124 Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/500393/100/0/threaded"
- },
- {
- "name" : "33440",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/33440"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a \"benchmarking attack.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "33440",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/33440"
+ },
+ {
+ "name": "20090124 Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/500393/100/0/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/0xxx/CVE-2009-0504.json b/2009/0xxx/CVE-2009-0504.json
index bf720e69498..be744322fdf 100644
--- a/2009/0xxx/CVE-2009-0504.json
+++ b/2009/0xxx/CVE-2009-0504.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-0504",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-0504",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
- },
- {
- "name" : "PK73573",
- "refsource" : "AIXAPAR",
- "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK73573"
- },
- {
- "name" : "websphere-wspolicy-information-disclosure(48700)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48700"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "websphere-wspolicy-information-disclosure(48700)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48700"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
+ },
+ {
+ "name": "PK73573",
+ "refsource": "AIXAPAR",
+ "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK73573"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1195.json b/2009/1xxx/CVE-2009-1195.json
index 194062a7c78..585f1f9010b 100644
--- a/2009/1xxx/CVE-2009-1195.json
+++ b/2009/1xxx/CVE-2009-1195.json
@@ -1,222 +1,222 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1195",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2009-1195",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20091112 rPSA-2009-0142-1 httpd mod_ssl",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/507852/100/0/threaded"
- },
- {
- "name" : "20091113 rPSA-2009-0142-2 httpd mod_ssl",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/507857/100/0/threaded"
- },
- {
- "name" : "[apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed",
- "refsource" : "MLIST",
- "url" : "http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2"
- },
- {
- "name" : "http://svn.apache.org/viewvc?view=rev&revision=772997",
- "refsource" : "CONFIRM",
- "url" : "http://svn.apache.org/viewvc?view=rev&revision=772997"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=489436",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=489436"
- },
- {
- "name" : "http://support.apple.com/kb/HT3937",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT3937"
- },
- {
- "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0142",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0142"
- },
- {
- "name" : "APPLE-SA-2009-11-09-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
- },
- {
- "name" : "DSA-1816",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2009/dsa-1816"
- },
- {
- "name" : "FEDORA-2009-8812",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html"
- },
- {
- "name" : "GLSA-200907-04",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200907-04.xml"
- },
- {
- "name" : "HPSBUX02612",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
- },
- {
- "name" : "SSRT100345",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
- },
- {
- "name" : "MDVSA-2009:124",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"
- },
- {
- "name" : "RHSA-2009:1075",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2009-1075.html"
- },
- {
- "name" : "RHSA-2009:1156",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2009-1156.html"
- },
- {
- "name" : "SUSE-SA:2009:050",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
- },
- {
- "name" : "USN-787-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-787-1"
- },
- {
- "name" : "35115",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/35115"
- },
- {
- "name" : "54733",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/54733"
- },
- {
- "name" : "oval:org.mitre.oval:def:11094",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094"
- },
- {
- "name" : "oval:org.mitre.oval:def:8704",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704"
- },
- {
- "name" : "oval:org.mitre.oval:def:12377",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377"
- },
- {
- "name" : "1022296",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1022296"
- },
- {
- "name" : "35261",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35261"
- },
- {
- "name" : "35264",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35264"
- },
- {
- "name" : "35453",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35453"
- },
- {
- "name" : "35395",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35395"
- },
- {
- "name" : "35721",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35721"
- },
- {
- "name" : "37152",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/37152"
- },
- {
- "name" : "ADV-2009-1444",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/1444"
- },
- {
- "name" : "ADV-2009-3184",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/3184"
- },
- {
- "name" : "apache-allowoverrides-security-bypass(50808)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50808"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "35261",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35261"
+ },
+ {
+ "name": "FEDORA-2009-8812",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html"
+ },
+ {
+ "name": "RHSA-2009:1075",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2009-1075.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:8704",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704"
+ },
+ {
+ "name": "SUSE-SA:2009:050",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
+ },
+ {
+ "name": "apache-allowoverrides-security-bypass(50808)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50808"
+ },
+ {
+ "name": "RHSA-2009:1156",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2009-1156.html"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=489436",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489436"
+ },
+ {
+ "name": "35395",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35395"
+ },
+ {
+ "name": "37152",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/37152"
+ },
+ {
+ "name": "54733",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/54733"
+ },
+ {
+ "name": "35115",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/35115"
+ },
+ {
+ "name": "20091112 rPSA-2009-0142-1 httpd mod_ssl",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/507852/100/0/threaded"
+ },
+ {
+ "name": "20091113 rPSA-2009-0142-2 httpd mod_ssl",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded"
+ },
+ {
+ "name": "HPSBUX02612",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
+ },
+ {
+ "name": "35453",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35453"
+ },
+ {
+ "name": "http://svn.apache.org/viewvc?view=rev&revision=772997",
+ "refsource": "CONFIRM",
+ "url": "http://svn.apache.org/viewvc?view=rev&revision=772997"
+ },
+ {
+ "name": "GLSA-200907-04",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:11094",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094"
+ },
+ {
+ "name": "1022296",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1022296"
+ },
+ {
+ "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0142",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0142"
+ },
+ {
+ "name": "35264",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35264"
+ },
+ {
+ "name": "MDVSA-2009:124",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"
+ },
+ {
+ "name": "[apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed",
+ "refsource": "MLIST",
+ "url": "http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:12377",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377"
+ },
+ {
+ "name": "ADV-2009-3184",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/3184"
+ },
+ {
+ "name": "ADV-2009-1444",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/1444"
+ },
+ {
+ "name": "SSRT100345",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
+ },
+ {
+ "name": "APPLE-SA-2009-11-09-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
+ },
+ {
+ "name": "DSA-1816",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2009/dsa-1816"
+ },
+ {
+ "name": "35721",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35721"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT3937",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT3937"
+ },
+ {
+ "name": "USN-787-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-787-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1358.json b/2009/1xxx/CVE-2009-1358.json
index 23ee5d72169..b91961ee61d 100644
--- a/2009/1xxx/CVE-2009-1358.json
+++ b/2009/1xxx/CVE-2009-1358.json
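Review bot: The `"ASSIGNER"` value in CVE-2009-1195.json changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only field value that changes in this hunk; everything else is colon spacing, re-indentation and a reshuffled `reference_data` order. Since ASSIGNER is the record's provenance field, a consumer that filters or attributes entries by it will see this record move, so the reassignment deserves its own commit or at least a line in the commit message rather than riding along with a bulk reformat. The other records in this part of the diff keep `cve@mitre.org`, so the change is presumably intentional, but nothing visible here says so.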
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1358",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1358",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012"
- },
- {
- "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091",
- "refsource" : "CONFIRM",
- "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091"
- },
- {
- "name" : "DSA-1779",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2009/dsa-1779"
- },
- {
- "name" : "USN-762-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/762-1/"
- },
- {
- "name" : "34630",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/34630"
- },
- {
- "name" : "34829",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34829"
- },
- {
- "name" : "34832",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34832"
- },
- {
- "name" : "34874",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34874"
- },
- {
- "name" : "apt-aptget-gpgv-security-bypass(50086)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "34874",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34874"
+ },
+ {
+ "name": "DSA-1779",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2009/dsa-1779"
+ },
+ {
+ "name": "34829",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34829"
+ },
+ {
+ "name": "34630",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/34630"
+ },
+ {
+ "name": "34832",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34832"
+ },
+ {
+ "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012"
+ },
+ {
+ "name": "USN-762-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/762-1/"
+ },
+ {
+ "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091",
+ "refsource": "CONFIRM",
+ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091"
+ },
+ {
+ "name": "apt-aptget-gpgv-security-bypass(50086)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1691.json b/2009/1xxx/CVE-2009-1691.json
index 06bf0a02d8d..b7b1222ee13 100644
--- a/2009/1xxx/CVE-2009-1691.json
+++ b/2009/1xxx/CVE-2009-1691.json
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "SUSE-SR:2011:002", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "35330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35330" - }, - { - "name" : "54989", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54989" - }, - { - "name" : "1022344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022344" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022344" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "35330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35330" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "54989", + "refsource": "OSVDB", + "url": "http://osvdb.org/54989" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1805.json b/2009/1xxx/CVE-2009-1805.json index fec4d4a1d02..a022d4d6c13 100644 
--- a/2009/1xxx/CVE-2009-1805.json +++ b/2009/1xxx/CVE-2009-1805.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503912/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" - }, - { - "name" : "35141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35141" - }, - { - "name" : "oval:org.mitre.oval:def:6130", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130" - }, - { - "name" : "1022300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022300" - }, - { - "name" : "35269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35269" - }, - { - "name" : "ADV-2009-1452", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 
2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35269" + }, + { + "name": "35141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35141" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html" + }, + { + "name": "oval:org.mitre.oval:def:6130", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130" + }, + { + "name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded" + }, + { + "name": "ADV-2009-1452", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1452" + }, + { + "name": "1022300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022300" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1993.json b/2009/1xxx/CVE-2009-1993.json index b7c54615f35..c4ca12c6783 100644 --- a/2009/1xxx/CVE-2009-1993.json +++ b/2009/1xxx/CVE-2009-1993.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36759" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "36759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36759" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1997.json b/2009/1xxx/CVE-2009-1997.json index f4468d7fe01..f410711a79f 100644 --- a/2009/1xxx/CVE-2009-1997.json +++ b/2009/1xxx/CVE-2009-1997.json 
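Review bot: The `"ASSIGNER": "secalert_us@oracle.com"` line in the CVE-2009-1993.json hunk replaces `cve@mitre.org`, but it sits inside a whole-file re-serialization (separator spacing, reshuffled `reference_data` entries, and a dropped trailing newline), so the one field that changes the record's provenance is easy to miss in review. The same pattern appears in the CVE-2009-1997.json hunk, and in CVE-2012-2587.json where the value becomes `cert@cert.org`. Consider landing the formatting pass separately from the assigner reassignment, and emitting `reference_data` in a deterministic order so later diffs show only real content changes. `vendor_name` and `product_name` remain `"n/a"` although the description names Oracle Database, so consumers that match on `affects` will presumably not tie this record to the product.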
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36751" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + }, + { + "name": "36751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36751" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4041.json b/2009/4xxx/CVE-2009-4041.json index 99fe32a3c54..e60689868eb 100644 --- a/2009/4xxx/CVE-2009-4041.json +++ b/2009/4xxx/CVE-2009-4041.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.usebb.net/community/topic-2388.html", - "refsource" : "CONFIRM", - "url" : "http://www.usebb.net/community/topic-2388.html" - }, - { - "name" : "http://www.usebb.net/community/topic-post9775.html", - "refsource" : "CONFIRM", - "url" : "http://www.usebb.net/community/topic-post9775.html" - }, - { - "name" : "37010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37010" - }, - { - "name" : "37328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37328" - }, - { - "name" : "ADV-2009-3222", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UseBB 
1.0.9 before 1.0.10 allows remote attackers to cause a denial of service (infinite loop) via crafted BBCode tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37328" + }, + { + "name": "37010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37010" + }, + { + "name": "http://www.usebb.net/community/topic-2388.html", + "refsource": "CONFIRM", + "url": "http://www.usebb.net/community/topic-2388.html" + }, + { + "name": "http://www.usebb.net/community/topic-post9775.html", + "refsource": "CONFIRM", + "url": "http://www.usebb.net/community/topic-post9775.html" + }, + { + "name": "ADV-2009-3222", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3222" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4522.json b/2009/4xxx/CVE-2009-4522.json index 25d1d301f38..9e4b4360064 100644 --- a/2009/4xxx/CVE-2009-4522.json +++ b/2009/4xxx/CVE-2009-4522.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-4522",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-4522",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.org/0910-exploits/bloofoxcms-xss.txt",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.org/0910-exploits/bloofoxcms-xss.txt"
- },
- {
- "name" : "36700",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/36700"
- },
- {
- "name" : "58948",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/58948"
- },
- {
- "name" : "37020",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/37020"
- },
- {
- "name" : "bloofoxcms-index-xss(53788)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53788"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "36700",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/36700"
+ },
+ {
+ "name": "58948",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/58948"
+ },
+ {
+ "name": "bloofoxcms-index-xss(53788)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53788"
+ },
+ {
+ "name": "37020",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/37020"
+ },
+ {
+ "name": "http://packetstormsecurity.org/0910-exploits/bloofoxcms-xss.txt",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/0910-exploits/bloofoxcms-xss.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/4xxx/CVE-2009-4590.json b/2009/4xxx/CVE-2009-4590.json
index be677eba2e8..95b8920ab4a 100644
--- a/2009/4xxx/CVE-2009-4590.json
+++ b/2009/4xxx/CVE-2009-4590.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://base.secureideas.net/news.php", - "refsource" : "CONFIRM", - "url" : "http://base.secureideas.net/news.php" - }, - { - "name" : "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/docs/CHANGELOG?revision=1.359&view=markup", - "refsource" : "CONFIRM", - "url" : "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/docs/CHANGELOG?revision=1.359&view=markup" - }, - { - "name" : "37147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37147" - }, - { - "name" : "ADV-2009-3054", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3054" - }, - { - "name" : "base-baselocalrules-xss(53968)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/53968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "base-baselocalrules-xss(53968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53968" + }, + { + "name": "37147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37147" + }, + { + "name": "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/docs/CHANGELOG?revision=1.359&view=markup", + "refsource": "CONFIRM", + "url": "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/docs/CHANGELOG?revision=1.359&view=markup" + }, + { + "name": "http://base.secureideas.net/news.php", + "refsource": "CONFIRM", + "url": "http://base.secureideas.net/news.php" + }, + { + "name": "ADV-2009-3054", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3054" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4899.json b/2009/4xxx/CVE-2009-4899.json index c7010779e30..f3921be1a0f 100644 --- a/2009/4xxx/CVE-2009-4899.json +++ b/2009/4xxx/CVE-2009-4899.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-4899",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-4899",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/2xxx/CVE-2012-2208.json b/2012/2xxx/CVE-2012-2208.json
index 5f87dd9868f..7fa6c3c5179 100644
--- a/2012/2xxx/CVE-2012-2208.json
+++ b/2012/2xxx/CVE-2012-2208.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120425 Multiple vulnerabilities in Piwigo", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html" - }, - { - "name" : "18782", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18782" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23085", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23085" - }, - { - "name" : "http://piwigo.org/bugs/view.php?id=2607", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/bugs/view.php?id=2607" - }, - { - "name" : "http://piwigo.org/forum/viewtopic.php?id=19173", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/forum/viewtopic.php?id=19173" - }, - { - "name" : 
"http://piwigo.org/releases/2.3.4", - "refsource" : "CONFIRM", - "url" : "http://piwigo.org/releases/2.3.4" - }, - { - "name" : "53245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53245" - }, - { - "name" : "48903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48903" - }, - { - "name" : "piwigo-language-directory-traversal(75185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18782", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18782" + }, + { + "name": "http://piwigo.org/forum/viewtopic.php?id=19173", + "refsource": "CONFIRM", + "url": "http://piwigo.org/forum/viewtopic.php?id=19173" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23085", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23085" + }, + { + "name": "http://piwigo.org/releases/2.3.4", + "refsource": "CONFIRM", + "url": "http://piwigo.org/releases/2.3.4" + }, + { + "name": "piwigo-language-directory-traversal(75185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75185" + }, + { + "name": "53245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53245" + }, + { + "name": "48903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48903" + }, + { + "name": "http://piwigo.org/bugs/view.php?id=2607", + "refsource": "CONFIRM", + "url": 
"http://piwigo.org/bugs/view.php?id=2607" + }, + { + "name": "20120425 Multiple vulnerabilities in Piwigo", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2587.json b/2012/2xxx/CVE-2012-2587.json index ffc1f6402e5..db8a6c9de44 100644 --- a/2012/2xxx/CVE-2012-2587.json +++ b/2012/2xxx/CVE-2012-2587.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-2587",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2012-2587",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20352",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/20352/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20352",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/20352/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/2xxx/CVE-2012-2735.json b/2012/2xxx/CVE-2012-2735.json
index 61a29a7fae3..b3dda87141f 100644
--- a/2012/2xxx/CVE-2012-2735.json
+++ b/2012/2xxx/CVE-2012-2735.json
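Review bot: The `ASSIGNER` change from `cve@mitre.org` to `cert@cert.org` is the only substantive edit in the CVE-2012-2587 hunk, yet it sits inside a whole-file re-serialization (colon spacing, indentation) that marks all 62 lines as changed, so a provenance field that downstream consumers may rely on is altered without being reviewable at a glance. The same mix appears in the hunks for CVE-2012-2735, CVE-2012-2813, CVE-2012-3145, CVE-2012-3497 and CVE-2012-6118, each of which replaces `cve@mitre.org` with a different assigner address. Splitting the formatting pass from the assigner updates, or listing the assigner changes in the commit message if it does not already, would let a reviewer verify them. The new side also ends without a trailing newline (`\ No newline at end of file`); ending each file with `}` followed by a newline keeps later diffs clean.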
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151", - "refsource" : "MISC", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151" - }, - { - "name" : "RHSA-2012:1278", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1278.html" - }, - { - "name" : "RHSA-2012:1281", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1281.html" - }, - { - "name" : "55618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55618" - }, - { - "name" : "50660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50660" - }, - { - "name" : "cumin-redhat-session-hijacking(78776)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/78776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55618" + }, + { + "name": "RHSA-2012:1278", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html" + }, + { + "name": "RHSA-2012:1281", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html" + }, + { + "name": "cumin-redhat-session-hijacking(78776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151", + "refsource": "MISC", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151" + }, + { + "name": "50660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50660" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2813.json b/2012/2xxx/CVE-2012-2813.json index 3cc92455b39..3bad9236729 100644 --- a/2012/2xxx/CVE-2012-2813.json +++ b/2012/2xxx/CVE-2012-2813.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" - }, - { - "name" : "DSA-2559", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2559" - }, - { - "name" : "RHSA-2012:1255", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1255.html" - }, - { - "name" : "SUSE-SU-2012:0903", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" - }, - { - "name" : "USN-1513-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-1513-1" - }, - { - "name" : "54437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54437" - }, - { - "name" : "49988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54437" + }, + { + "name": "DSA-2559", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2559" + }, + { + "name": "SUSE-SU-2012:0903", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" + }, + { + "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" + }, + { + "name": "49988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49988" + }, + { + "name": "RHSA-2012:1255", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html" + }, + { + "name": "USN-1513-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1513-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2839.json b/2012/2xxx/CVE-2012-2839.json index 8a7ece2f9fd..0bf33583bc3 100644 --- a/2012/2xxx/CVE-2012-2839.json +++ b/2012/2xxx/CVE-2012-2839.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-2839",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-2839",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/2xxx/CVE-2012-2942.json b/2012/2xxx/CVE-2012-2942.json
index 167f4c19c76..95499c2bacc 100644
--- a/2012/2xxx/CVE-2012-2942.json
+++ b/2012/2xxx/CVE-2012-2942.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120523 CVE request: haproxy trash buffer overflow flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/12" - }, - { - "name" : "[oss-security] 20120523 Re: CVE request: haproxy trash buffer overflow flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/15" - }, - { - "name" : "[oss-security] 20120528 Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/28/1" - }, - { - "name" : 
"http://haproxy.1wt.eu/#news", - "refsource" : "CONFIRM", - "url" : "http://haproxy.1wt.eu/#news" - }, - { - "name" : "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG" - }, - { - "name" : "http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b", - "refsource" : "CONFIRM", - "url" : "http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b" - }, - { - "name" : "DSA-2711", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2711" - }, - { - "name" : "GLSA-201301-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-02.xml" - }, - { - "name" : "USN-1800-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1800-1" - }, - { - "name" : "53647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53647" - }, - { - "name" : "49261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49261" - }, - { - "name" : "haproxy-trash-bo(75777)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120528 Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/28/1" + }, + { + "name": "GLSA-201301-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-02.xml" + }, + { + "name": "[oss-security] 20120523 Re: CVE request: haproxy trash buffer overflow flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/15" + }, + { + "name": "haproxy-trash-bo(75777)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75777" + }, + { + "name": "53647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53647" + }, + { + "name": "http://haproxy.1wt.eu/#news", + "refsource": "CONFIRM", + "url": "http://haproxy.1wt.eu/#news" + }, + { + "name": "DSA-2711", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2711" + }, + { + "name": "49261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49261" + }, + { + "name": "USN-1800-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1800-1" + }, + { + "name": "http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b", + "refsource": "CONFIRM", + "url": "http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b" + }, + { + "name": "[oss-security] 20120523 CVE request: haproxy trash buffer overflow flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/12" + }, + { + "name": "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://haproxy.1wt.eu/download/1.4/src/CHANGELOG" + } + ] + } +} \ No 
newline at end of file diff --git a/2012/3xxx/CVE-2012-3145.json b/2012/3xxx/CVE-2012-3145.json index 53228d222c2..4e922bfcc58 100644 --- a/2012/3xxx/CVE-2012-3145.json +++ b/2012/3xxx/CVE-2012-3145.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect confidentiality, related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "51019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51019" - }, - { - "name" : "flexcubedirectbanking-ba-info-disc(79356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect confidentiality, related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "flexcubedirectbanking-ba-info-disc(79356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79356" + }, + { + "name": "51019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51019" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3497.json b/2012/3xxx/CVE-2012-3497.json index a8e6f8c4ea1..d6d6dd582d8 100644 --- a/2012/3xxx/CVE-2012-3497.json +++ b/2012/3xxx/CVE-2012-3497.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html" - }, - { - "name" : "[oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/05/8" - }, - { - "name" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities", 
- "refsource" : "CONFIRM", - "url" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "SUSE-SU-2012:1486", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html" - }, - { - "name" : "SUSE-SU-2012:1487", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "55410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55410" - }, - { - "name" : "85199", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85199" - }, - { - "name" : "1027482", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027482" - }, - { - "name" : "50472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50472" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51413" - }, - { - "name" : "51324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51324" - }, - { - "name" : "51352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51352" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - }, - { - "name" : 
"xen-tmem-priv-esc(78268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "1027482", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027482" + }, + { + "name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities", + "refsource": "CONFIRM", + "url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-15_multiple_TMEM_hypercall_vulnerabilities" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "55410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55410" + }, + { + "name": "SUSE-SU-2012:1486", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html" + }, + { + "name": "[oss-security] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/05/8" + }, + { + 
"name": "xen-tmem-priv-esc(78268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78268" + }, + { + "name": "85199", + "refsource": "OSVDB", + "url": "http://osvdb.org/85199" + }, + { + "name": "[Xen-announce] 20120905 Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "50472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50472" + }, + { + "name": "SUSE-SU-2012:1487", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "51352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51352" + }, + { + "name": "51324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51324" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6118.json b/2012/6xxx/CVE-2012-6118.json index f1856e5c043..f99307e9d05 100644 --- a/2012/6xxx/CVE-2012-6118.json +++ b/2012/6xxx/CVE-2012-6118.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6118",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-6118",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=906192",
- "refsource" : "MISC",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=906192"
- },
- {
- "name" : "RHSA-2013:0545",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0545.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=906192",
+ "refsource": "MISC",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906192"
+ },
+ {
+ "name": "RHSA-2013:0545",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0545.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6249.json b/2012/6xxx/CVE-2012-6249.json
index 8086b8beb44..bbc4f4b732e 100644
--- a/2012/6xxx/CVE-2012-6249.json
+++ b/2012/6xxx/CVE-2012-6249.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6249",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-6249",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6310.json b/2012/6xxx/CVE-2012-6310.json
index c57df267a1f..b2459187cde 100644
--- a/2012/6xxx/CVE-2012-6310.json
+++ b/2012/6xxx/CVE-2012-6310.json
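Review bot: The new side of CVE-2012-6249.json orders its keys differently from every other record rewritten in this diff: it starts with `data_type`, `data_format`, `data_version` and puts `ID` before `ASSIGNER` inside `CVE_data_meta`, where the other files keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order has no meaning to a JSON parser, but the difference suggests this record went through a different serializer, and it is likely to show up as a spurious diff the next time the file is normalized. Emitting it in the same order as its neighbours (`"CVE_data_meta": {` first, then `"ASSIGNER"`, `"ID"`, `"STATE"`) would keep the corpus uniform.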
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6310",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-6310",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6446.json b/2012/6xxx/CVE-2012-6446.json
index 43f50d0a8c8..95b34b7a904 100644
--- a/2012/6xxx/CVE-2012-6446.json
+++ b/2012/6xxx/CVE-2012-6446.json
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6446", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6446", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5244.json b/2015/5xxx/CVE-2015-5244.json index 18b3a79d1db..35a14b0c277 100644 --- a/2015/5xxx/CVE-2015-5244.json +++ b/2015/5xxx/CVE-2015-5244.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1259216", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1259216" - }, - { - "name" : "https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110", - "refsource" : "CONFIRM", - "url" : "https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110" - }, - { - "name" : "FEDORA-2015-c76c1c84cf", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175248.html" - }, - { - "name" : "FEDORA-2016-6aa4dd4f3a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176026.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110", + "refsource": "CONFIRM", + "url": "https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110" + }, + { + "name": "FEDORA-2015-c76c1c84cf", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175248.html" + }, + { + "name": "FEDORA-2016-6aa4dd4f3a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176026.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1259216", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259216" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5374.json b/2015/5xxx/CVE-2015-5374.json index c0f86aa7195..255fcba3cba 100644 --- a/2015/5xxx/CVE-2015-5374.json +++ b/2015/5xxx/CVE-2015-5374.json 
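Review bot: The `ASSIGNER` value in the CVE-2015-5244 record changes from `cve@mitre.org` to `secalert@redhat.com` inside what is otherwise a whitespace and reference-order normalisation, so a provenance change is easy to miss when auditing this commit. The CVE-2018-11073 hunk further down does the same (`secure@dell.com` to `security_alert@emc.com`). These assigner changes would be easier to review in their own commit, or at least called out in the commit message. Separately, `affects` still carries `n/a` although the description names mod_nss before 1.0.12, so consumers that match on product data will not find this record. Consider `"product_name": "mod_nss"` with `"version_value": "before 1.0.12"`; the vendor name is not stated in the record.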
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2017-07-04T00:00:00", - "ID" : "CVE-2015-5374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2017-07-04T00:00:00", + "ID": "CVE-2015-5374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44103", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44103/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf" - }, - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf" - }, - { - "name" : "75948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for 
EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf" + }, + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf" + }, + { + "name": "44103", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44103/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03" + }, + { + "name": "75948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75948" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5608.json b/2015/5xxx/CVE-2015-5608.json index d3b1fc0d5a5..dff672573ab 100644 --- a/2015/5xxx/CVE-2015-5608.json +++ b/2015/5xxx/CVE-2015-5608.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html" - }, - { - "name" : "76496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html" + }, + { + "name": "76496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76496" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2237.json b/2017/2xxx/CVE-2017-2237.json index 16780c751bd..943b9be29ce 100644 --- a/2017/2xxx/CVE-2017-2237.json +++ b/2017/2xxx/CVE-2017-2237.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Toshiba Home gateway HEM-GW16A", - "version" : { - "version_data" : [ - { - "version_value" : "firmware HEM-GW16A-FW-V1.2.0 and earlier" - } - ] - } - }, - { - "product_name" : "Toshiba Home gateway HEM-GW26A", - "version" : { - "version_data" : [ - { - "version_value" : "firmware HEM-GW26A-FW-V1.2.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Toshiba Lighting & Technology Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Toshiba Home gateway HEM-GW16A", + "version": { + "version_data": [ + { + "version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier" + } + ] + } + }, + { + "product_name": "Toshiba Home gateway HEM-GW26A", + "version": { + "version_data": [ + { + "version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Lighting & Technology Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#85901441", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN85901441/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#85901441", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN85901441/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11003.json b/2018/11xxx/CVE-2018-11003.json index ec17ffb0ba8..07d532b9de3 100644 --- a/2018/11xxx/CVE-2018-11003.json +++ b/2018/11xxx/CVE-2018-11003.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TekerFue/YXcms-Code-Audit/blob/master/1.4.7%20csrf", - "refsource" : "MISC", - "url" : "https://github.com/TekerFue/YXcms-Code-Audit/blob/master/1.4.7%20csrf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TekerFue/YXcms-Code-Audit/blob/master/1.4.7%20csrf", + "refsource": "MISC", + "url": "https://github.com/TekerFue/YXcms-Code-Audit/blob/master/1.4.7%20csrf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11073.json b/2018/11xxx/CVE-2018-11073.json index c69d2bc07cc..dbfe8782206 100644 --- a/2018/11xxx/CVE-2018-11073.json +++ b/2018/11xxx/CVE-2018-11073.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-09-21T17:00:00.000Z", - "ID" : "CVE-2018-11073", - "STATE" : "PUBLIC", - "TITLE" : "DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Authentication Manager", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "8.3 P3" - } - ] - } - } - ] - }, - "vendor_name" : "RSA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "stored cross-site scripting vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-09-21T17:00:00.000Z", + "ID": "CVE-2018-11073", + "STATE": "PUBLIC", + "TITLE": "DSA-2018-152: RSA\u00ae Authentication Manager Multiple Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Authentication Manager", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "8.3 P3" + } + ] + } + } + ] + }, + "vendor_name": "RSA" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180921 DSA-2018-152: RSA Authentication Manager Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/39" - }, - { - "name" : "105410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105410" - }, - { - "name" : "1041697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041697" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. 
A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stored cross-site scripting vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180921 DSA-2018-152: RSA Authentication Manager Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/39" + }, + { + "name": "1041697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041697" + }, + { + "name": "105410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105410" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11134.json b/2018/11xxx/CVE-2018-11134.json index 3aed7b0ac4a..bc1cfbf7fc7 100644 --- a/2018/11xxx/CVE-2018-11134.json +++ b/2018/11xxx/CVE-2018-11134.json 
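Review bot: In the `impact.cvss` block of CVE-2018-11073, `"privilegesRequired": "LOW"` sits oddly next to a description that requires a malicious Operations Console administrator, which CVSS 3.0 would normally score as high privileges. If the vendor advisory confirms that reading, the record should carry `"privilegesRequired": "HIGH"` with `vectorString` and `baseScore` recomputed to match. Otherwise the values are best left as the CNA published them. The `TITLE` change from a literal ® to `\u00ae` is equivalent JSON and needs no action.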
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In order to perform actions that requires 
higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11576.json b/2018/11xxx/CVE-2018-11576.json index 24c786ea28d..fa107aa59ee 100644 --- a/2018/11xxx/CVE-2018-11576.json +++ b/2018/11xxx/CVE-2018-11576.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib", - "refsource" : "MISC", - "url" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib" - }, - { - "name" : "https://github.com/miniupnp/ngiflib/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/miniupnp/ngiflib/issues/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/miniupnp/ngiflib/issues/6", + "refsource": "MISC", + "url": "https://github.com/miniupnp/ngiflib/issues/6" + }, + { + "name": "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib", + "refsource": "MISC", + "url": "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11912.json b/2018/11xxx/CVE-2018-11912.json index 8630c6fec63..1d1cb2c9fa1 100644 --- a/2018/11xxx/CVE-2018-11912.json +++ b/2018/11xxx/CVE-2018-11912.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=36a2b6dbb9b7839dcb2127bb5d6a5d90c520345f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=36a2b6dbb9b7839dcb2127bb5d6a5d90c520345f" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android 
releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=36a2b6dbb9b7839dcb2127bb5d6a5d90c520345f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=36a2b6dbb9b7839dcb2127bb5d6a5d90c520345f" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14864.json b/2018/14xxx/CVE-2018-14864.json index 62fb34cff4f..01dc19bcd6f 100644 --- a/2018/14xxx/CVE-2018-14864.json +++ b/2018/14xxx/CVE-2018-14864.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14864", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14864", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14967.json b/2018/14xxx/CVE-2018-14967.json index 04ca1088a0f..0521cf932dc 100644 --- a/2018/14xxx/CVE-2018-14967.json +++ b/2018/14xxx/CVE-2018-14967.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in EMLsoft 5.4.5. upload\\eml\\action\\action.user.php has SQL Injection via the numPerPage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/emlsoft/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/emlsoft/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EMLsoft 5.4.5. upload\\eml\\action\\action.user.php has SQL Injection via the numPerPage parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/emlsoft/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/emlsoft/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15176.json b/2018/15xxx/CVE-2018-15176.json index 47f0e0a59b0..629b6aa037c 100644 --- a/2018/15xxx/CVE-2018-15176.json +++ b/2018/15xxx/CVE-2018-15176.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code610.blogspot.com/2018/08/updating-xnview.html", - "refsource" : "MISC", - "url" : "http://code610.blogspot.com/2018/08/updating-xnview.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code610.blogspot.com/2018/08/updating-xnview.html", + "refsource": "MISC", + "url": "http://code610.blogspot.com/2018/08/updating-xnview.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15181.json b/2018/15xxx/CVE-2018-15181.json index a142019c76a..3de516ce72d 100644 --- a/2018/15xxx/CVE-2018-15181.json +++ b/2018/15xxx/CVE-2018-15181.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45199", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45199/" - }, - { - "name" : "https://gkaim.com/cve-2018-15181-vikas-chaudhary/", - "refsource" : "MISC", - "url" : "https://gkaim.com/cve-2018-15181-vikas-chaudhary/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45199", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45199/" + }, + { + "name": "https://gkaim.com/cve-2018-15181-vikas-chaudhary/", + "refsource": "MISC", + "url": "https://gkaim.com/cve-2018-15181-vikas-chaudhary/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15606.json b/2018/15xxx/CVE-2018-15606.json index 7ef8129a393..bdbeaee019f 100644 --- a/2018/15xxx/CVE-2018-15606.json +++ b/2018/15xxx/CVE-2018-15606.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.suitecrm.com/admin/releases/#anchor-7.10.8", - "refsource" : "CONFIRM", - "url" : "https://docs.suitecrm.com/admin/releases/#anchor-7.10.8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.suitecrm.com/admin/releases/#anchor-7.10.8", + "refsource": "CONFIRM", + "url": "https://docs.suitecrm.com/admin/releases/#anchor-7.10.8" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15998.json b/2018/15xxx/CVE-2018-15998.json index eecc125ad4c..63a305fe0cb 100644 --- a/2018/15xxx/CVE-2018-15998.json +++ b/2018/15xxx/CVE-2018-15998.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + }, + { + "name": "106163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106163" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3334.json b/2018/3xxx/CVE-2018-3334.json index 4236b7b1c3e..eb729199dfe 100644 --- a/2018/3xxx/CVE-2018-3334.json +++ b/2018/3xxx/CVE-2018-3334.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3334", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3334", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/3xxx/CVE-2018-3651.json b/2018/3xxx/CVE-2018-3651.json
index a1020f8cefa..39b818eb98b 100644
--- a/2018/3xxx/CVE-2018-3651.json
+++ b/2018/3xxx/CVE-2018-3651.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3651",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3651",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8452.json b/2018/8xxx/CVE-2018-8452.json
index 63a378e50d9..9f3221f969b 100644
--- a/2018/8xxx/CVE-2018-8452.json
+++ b/2018/8xxx/CVE-2018-8452.json
@@ -1,173 +1,173 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - 
"version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka \"Scripting Engine Information Disclosure Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + 
"version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8452", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8452" - }, - { - "name" : "105252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105252" - }, - { - "name" : "1041623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka \"Scripting Engine Information Disclosure Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8452", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8452" + }, + { + "name": "105252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105252" + }, + { + "name": "1041623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041623" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8566.json b/2018/8xxx/CVE-2018-8566.json index ac6e583c116..29709e31d40 100644 --- a/2018/8xxx/CVE-2018-8566.json +++ b/2018/8xxx/CVE-2018-8566.json 
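Review bot: The `ASSIGNER` value in the CVE-2018-8452.json hunk changes from `Secure@Microsoft.com` to `secure@microsoft.com`, a data change carried inside what is otherwise a whitespace-only reformat; the CVE-2018-8566.json hunk that follows makes the same change. A downstream consumer that groups, filters or attributes records by an exact, case-sensitive match on `ASSIGNER` would presumably see these records move to a different key, so the normalisation deserves a line in the commit message or a commit of its own, separate from the key-spacing rewrite. Consumers of this feed are safer comparing the assigner address case-insensitively.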
@@ -1,136 +1,136 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists when Windows improperly suspends 
BitLocker Device Encryption, aka \"BitLocker Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": 
"Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8566", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8566" - }, - { - "name" : "105806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka \"BitLocker Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8566", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8566" + }, + { + "name": "105806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105806" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8711.json b/2018/8xxx/CVE-2018-8711.json index 20c17063c5c..b441380f769 100644 --- a/2018/8xxx/CVE-2018-8711.json +++ b/2018/8xxx/CVE-2018-8711.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html", - "refsource" : "MISC", - "url" : "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html" - }, - { - "name" : "https://wordpress.org/plugins/woocommerce-products-filter/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/woocommerce-products-filter/#developers" - }, - { - "name" : "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/", - "refsource" : "MISC", - "url" : "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/woocommerce-products-filter/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/woocommerce-products-filter/#developers" + }, + { + "name": "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html", + "refsource": "MISC", + "url": "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html" + }, + { + "name": "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/", + "refsource": "MISC", + "url": "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8986.json b/2018/8xxx/CVE-2018-8986.json index c9cf3c8557d..8f2e1c2ddb3 100644 --- a/2018/8xxx/CVE-2018-8986.json +++ b/2018/8xxx/CVE-2018-8986.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8986",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8986",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file