From 64887179369c3f8c9e37ae46fca07012b1c34b40 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:52:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0587.json | 140 ++++++------ 2002/0xxx/CVE-2002-0624.json | 140 ++++++------ 2002/0xxx/CVE-2002-0897.json | 150 ++++++------- 2002/1xxx/CVE-2002-1351.json | 150 ++++++------- 2002/2xxx/CVE-2002-2075.json | 130 +++++------ 2002/2xxx/CVE-2002-2442.json | 34 +-- 2005/0xxx/CVE-2005-0392.json | 130 +++++------ 2005/1xxx/CVE-2005-1110.json | 140 ++++++------ 2005/1xxx/CVE-2005-1659.json | 130 +++++------ 2005/1xxx/CVE-2005-1807.json | 210 +++++++++--------- 2005/1xxx/CVE-2005-1936.json | 170 +++++++-------- 2009/0xxx/CVE-2009-0511.json | 250 +++++++++++----------- 2009/1xxx/CVE-2009-1108.json | 34 +-- 2009/1xxx/CVE-2009-1126.json | 180 ++++++++-------- 2009/1xxx/CVE-2009-1141.json | 180 ++++++++-------- 2009/1xxx/CVE-2009-1417.json | 200 ++++++++--------- 2009/1xxx/CVE-2009-1579.json | 380 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1818.json | 140 ++++++------ 2009/5xxx/CVE-2009-5077.json | 120 +++++------ 2012/0xxx/CVE-2012-0301.json | 130 +++++------ 2012/0xxx/CVE-2012-0736.json | 160 +++++++------- 2012/2xxx/CVE-2012-2267.json | 160 +++++++------- 2012/3xxx/CVE-2012-3105.json | 140 ++++++------ 2012/3xxx/CVE-2012-3132.json | 190 ++++++++--------- 2012/3xxx/CVE-2012-3757.json | 180 ++++++++-------- 2012/4xxx/CVE-2012-4369.json | 34 +-- 2012/4xxx/CVE-2012-4506.json | 180 ++++++++-------- 2012/4xxx/CVE-2012-4991.json | 120 +++++------ 2012/6xxx/CVE-2012-6186.json | 34 +-- 2012/6xxx/CVE-2012-6505.json | 160 +++++++------- 2012/6xxx/CVE-2012-6645.json | 260 +++++++++++----------- 2017/2xxx/CVE-2017-2101.json | 130 +++++------ 2017/2xxx/CVE-2017-2536.json | 180 ++++++++-------- 2017/2xxx/CVE-2017-2820.json | 132 ++++++------ 2017/6xxx/CVE-2017-6163.json | 178 +++++++-------- 2017/6xxx/CVE-2017-6457.json | 34 +-- 2017/6xxx/CVE-2017-6720.json | 130 +++++------ 2017/6xxx/CVE-2017-6822.json | 34 +-- 2018/11xxx/CVE-2018-11088.json | 152 ++++++------- 2018/11xxx/CVE-2018-11130.json | 120 +++++------ 2018/11xxx/CVE-2018-11988.json | 120 +++++------ 2018/14xxx/CVE-2018-14114.json | 34 +-- 2018/14xxx/CVE-2018-14369.json | 170 +++++++-------- 2018/14xxx/CVE-2018-14376.json | 34 +-- 2018/14xxx/CVE-2018-14389.json | 120 +++++------ 2018/14xxx/CVE-2018-14997.json | 34 +-- 2018/15xxx/CVE-2018-15015.json | 34 +-- 2018/15xxx/CVE-2018-15079.json | 34 +-- 2018/15xxx/CVE-2018-15163.json | 34 +-- 2018/15xxx/CVE-2018-15291.json | 34 +-- 2018/20xxx/CVE-2018-20414.json | 34 +-- 2018/20xxx/CVE-2018-20676.json | 160 +++++++------- 52 files changed, 3344 insertions(+), 3344 deletions(-) diff --git a/2002/0xxx/CVE-2002-0587.json b/2002/0xxx/CVE-2002-0587.json index 331e4636ce4..d7197f7a14d 100644 --- a/2002/0xxx/CVE-2002-0587.json +++ b/2002/0xxx/CVE-2002-0587.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html" - }, - { - "name" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html" + }, + { + "name": "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0624.json b/2002/0xxx/CVE-2002-0624.json index 14fe45b92b2..67b00626069 100644 --- a/2002/0xxx/CVE-2002-0624.json +++ b/2002/0xxx/CVE-2002-0624.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka \"Unchecked Buffer in Password Encryption Procedure.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034" - }, - { - "name" : "CA-2002-22", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-22.html" - }, - { - "name" : "oval:org.mitre.oval:def:291", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka \"Unchecked Buffer in Password Encryption Procedure.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:291", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291" + }, + { + "name": "CA-2002-22", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-22.html" + }, + { + "name": "MS02-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0897.json b/2002/0xxx/CVE-2002-0897.json index 11a9cc3cafb..ce0cc7ddde5 100644 --- a/2002/0xxx/CVE-2002-0897.json +++ b/2002/0xxx/CVE-2002-0897.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the \"/./\" directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html" - }, - { - "name" : "20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/274020" - }, - { - "name" : "4820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4820" - }, - { - "name" : "localweb2k-protection-bypass(9165)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9165.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the \"/./\" directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4820" + }, + { + "name": "localweb2k-protection-bypass(9165)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9165.php" + }, + { + "name": "20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/274020" + }, + { + "name": "20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1351.json b/2002/1xxx/CVE-2002-1351.json index fb2e75fa029..15333f73c79 100644 --- a/2002/1xxx/CVE-2002-1351.json +++ b/2002/1xxx/CVE-2002-1351.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021216 Melange Chat System Remote Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=33&type=vulnerabilities&flashstatus=false" - }, - { - "name" : "6477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6477" - }, - { - "name" : "1005831", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005831" - }, - { - "name" : "melange-msgtext-chatinterpretdata-bo(10939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021216 Melange Chat System Remote Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=33&type=vulnerabilities&flashstatus=false" + }, + { + "name": "1005831", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005831" + }, + { + "name": "6477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6477" + }, + { + "name": "melange-msgtext-chatinterpretdata-bo(10939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10939" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2075.json b/2002/2xxx/CVE-2002-2075.json index 6c70702b0a0..4f2926dd97e 100644 --- a/2002/2xxx/CVE-2002-2075.json +++ b/2002/2xxx/CVE-2002-2075.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020419 DOS for Icq 2001&2002", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0295.html" - }, - { - "name" : "icq-contacts-dos(8909)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8909.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "icq-contacts-dos(8909)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8909.php" + }, + { + "name": "20020419 DOS for Icq 2001&2002", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0295.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2442.json b/2002/2xxx/CVE-2002-2442.json index 6612119d195..673fa8a8bba 100644 --- a/2002/2xxx/CVE-2002-2442.json +++ b/2002/2xxx/CVE-2002-2442.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2442", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2442", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0392.json b/2005/0xxx/CVE-2005-0392.json index 1660d0174a3..c818389bb18 100644 --- a/2005/0xxx/CVE-2005-0392.json +++ b/2005/0xxx/CVE-2005-0392.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-0392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-725", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-725" - }, - { - "name" : "13681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13681" + }, + { + "name": "DSA-725", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-725" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1110.json b/2005/1xxx/CVE-2005-1110.json index d2533db9b58..93095e2d183 100644 --- a/2005/1xxx/CVE-2005-1110.json +++ b/2005/1xxx/CVE-2005-1110.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050414 sumus[v0.2.2]: (httpd) remote buffer overflow exploit.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111350491800089&w=2" - }, - { - "name" : "1013717", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013717" - }, - { - "name" : "sumus-respondehttppendiente-bo(20110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sumus-respondehttppendiente-bo(20110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20110" + }, + { + "name": "20050414 sumus[v0.2.2]: (httpd) remote buffer overflow exploit.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111350491800089&w=2" + }, + { + "name": "1013717", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013717" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1659.json b/2005/1xxx/CVE-2005-1659.json index 5f733090f23..c335f163aba 100644 --- a/2005/1xxx/CVE-2005-1659.json +++ b/2005/1xxx/CVE-2005-1659.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a \"...\" (triple dot) followed by an onmouseover event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15274" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a \"...\" (triple dot) followed by an onmouseover event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15274" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1807.json b/2005/1xxx/CVE-2005-1807.json index f03d541993f..feeedb6a4de 100644 --- a/2005/1xxx/CVE-2005-1807.json +++ b/2005/1xxx/CVE-2005-1807.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050530 CYBSEC - PHPMailer Infinite Loop Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/May/0337.html" - }, - { - "name" : "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031" - }, - { - "name" : "13805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13805" - }, - { - "name" : "ADV-2006-0448", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0448" - }, - { - "name" : "ADV-2007-2242", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2242" - }, - { - "name" : "1014069", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014069" - }, - { - "name" : "15543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15543" - }, - { - "name" : "18732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18732" - }, - { - "name" : "25726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-2242", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2242" + }, + { + "name": "ADV-2006-0448", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0448" + }, + { + "name": "1014069", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014069" + }, + { + "name": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf" + }, + { + "name": "20050530 CYBSEC - PHPMailer Infinite Loop Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/May/0337.html" + }, + { + "name": "13805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13805" + }, + { + "name": "25726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25726" + }, + { + "name": "15543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15543" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031" + }, + { + "name": "18732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18732" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1936.json b/2005/1xxx/CVE-2005-1936.json index 1f3d21e7713..275318dcf9d 100644 --- a/2005/1xxx/CVE-2005-1936.json +++ b/2005/1xxx/CVE-2005-1936.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to \"gain unauthorized access.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf" - }, - { - "name" : "12783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12783" - }, - { - "name" : "ADV-2005-0255", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0255" - }, - { - "name" : "14659", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14659" - }, - { - "name" : "14556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14556" - }, - { - "name" : "xerox-document-security-bypass(19661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to \"gain unauthorized access.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xerox-document-security-bypass(19661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19661" + }, + { + "name": "12783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12783" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf" + }, + { + "name": "14659", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14659" + }, + { + "name": "ADV-2005-0255", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0255" + }, + { + "name": "14556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14556" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0511.json b/2009/0xxx/CVE-2009-0511.json index 63a0d759113..58e25579e47 100644 --- a/2009/0xxx/CVE-2009-0511.json +++ b/2009/0xxx/CVE-2009-0511.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html" - }, - { - "name" : "GLSA-200907-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-06.xml" - }, - { - "name" : "RHSA-2009:1109", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1109.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "SUSE-SA:2009:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html" - }, - { - "name" : "TA09-161A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-161A.html" - }, - { - "name" : "35274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35274" - }, - { - "name" : "1022361", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022361" - }, - { - "name" : "34580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34580" - }, - { - "name" : "35496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35496" - }, - { - "name" : "35655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35655" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "35734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35734" - }, - { - "name" : "ADV-2009-1547", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35274" + }, + { + "name": "ADV-2009-1547", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1547" + }, + { + "name": "35655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35655" + }, + { + "name": "TA09-161A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-161A.html" + }, + { + "name": "35734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35734" + }, + { + "name": "RHSA-2009:1109", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1109.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-07.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-07.html" + }, + { + "name": "SUSE-SA:2009:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html" + }, + { + "name": "1022361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022361" + }, + { + "name": "GLSA-200907-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-06.xml" + }, + { + "name": "34580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34580" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "35496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35496" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1108.json b/2009/1xxx/CVE-2009-1108.json index 3c42780d32a..96b2665ead1 100644 --- a/2009/1xxx/CVE-2009-1108.json +++ b/2009/1xxx/CVE-2009-1108.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1108", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1108", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1126.json b/2009/1xxx/CVE-2009-1126.json index 8b9393a547a..7f2d1e9c937 100644 --- a/2009/1xxx/CVE-2009-1126.json +++ b/2009/1xxx/CVE-2009-1126.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka \"Windows Desktop Parameter Edit Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-025", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "54943", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54943" - }, - { - "name" : "oval:org.mitre.oval:def:6016", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6016" - }, - { - "name" : "1022359", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022359" - }, - { - "name" : "35372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35372" - }, - { - "name" : "ADV-2009-1544", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka \"Windows Desktop Parameter Edit Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35372" + }, + { + "name": "oval:org.mitre.oval:def:6016", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6016" + }, + { + "name": "ADV-2009-1544", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1544" + }, + { + "name": "54943", + "refsource": "OSVDB", + "url": "http://osvdb.org/54943" + }, + { + "name": "MS09-025", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-025" + }, + { + "name": "1022359", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022359" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1141.json b/2009/1xxx/CVE-2009-1141.json index b648c0fbea8..2817edf4fe5 100644 --- a/2009/1xxx/CVE-2009-1141.json +++ b/2009/1xxx/CVE-2009-1141.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the \"insertion, deletion and attributes of a table cell,\" which trigger memory corruption when the window is destroyed, aka \"DHTML Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090610 FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504207/100/0/threaded" - }, - { - "name" : "http://www.fortiguardcenter.com/advisory/FGA-2009-22.html", - "refsource" : "MISC", - "url" : "http://www.fortiguardcenter.com/advisory/FGA-2009-22.html" - }, - { - "name" : "MS09-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "oval:org.mitre.oval:def:5554", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5554" - }, - { - "name" : "1022350", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022350" - }, - { - "name" : "ADV-2009-1538", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the \"insertion, deletion and attributes of a table cell,\" which trigger memory corruption when the window is destroyed, aka \"DHTML Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1538" + }, + { + "name": "MS09-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" + }, + { + "name": "http://www.fortiguardcenter.com/advisory/FGA-2009-22.html", + "refsource": "MISC", + "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-22.html" + }, + { + "name": "20090610 FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504207/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:5554", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5554" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "1022350", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022350" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1417.json b/2009/1xxx/CVE-2009-1417.json index 95fd2353517..43296c0ce60 100644 --- a/2009/1xxx/CVE-2009-1417.json +++ b/2009/1xxx/CVE-2009-1417.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" - }, - { - "name" : "GLSA-200905-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200905-04.xml" - }, - { - "name" : "MDVSA-2009:116", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" - }, - { - "name" : "34783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34783" - }, - { - "name" : "1022159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022159" - }, - { - "name" : "34842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34842" - }, - { - "name" : "35211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35211" - }, - { - "name" : "ADV-2009-1218", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1218" - }, - { - "name" : "gnutls-gnutlscli-spoofing(50261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gnutls-gnutlscli-spoofing(50261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50261" + }, + { + "name": "1022159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022159" + }, + { + "name": "ADV-2009-1218", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1218" + }, + { + "name": "34783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34783" + }, + { + "name": "GLSA-200905-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" + }, + { + "name": "[gnutls-devel] 20090430 Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517" + }, + { + "name": "34842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34842" + }, + { + "name": "35211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35211" + }, + { + "name": "MDVSA-2009:116", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1579.json b/2009/1xxx/CVE-2009-1579.json index f76aa5eec4f..2ccd7526f4d 100644 --- a/2009/1xxx/CVE-2009-1579.json +++ b/2009/1xxx/CVE-2009-1579.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674" - }, - { - "name" : "http://www.squirrelmail.org/security/issue/2009-05-10", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2009-05-10" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500360", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500360" - }, - { - "name" : "http://download.gna.org/nasmail/nasmail-1.7.zip", - "refsource" : "CONFIRM", - "url" : "http://download.gna.org/nasmail/nasmail-1.7.zip" - }, - { - "name" : "https://gna.org/forum/forum.php?forum_id=2146", - "refsource" : "CONFIRM", - "url" : "https://gna.org/forum/forum.php?forum_id=2146" - }, - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "DSA-1802", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1802" - }, - { - "name" : "FEDORA-2009-4870", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" - }, - { - "name" : "FEDORA-2009-4880", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" - }, - { - "name" : "FEDORA-2009-4875", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" - }, - { - "name" : "MDVSA-2009:110", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" - }, - { - "name" : "RHSA-2009:1066", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1066.html" - }, - { - "name" : "34916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34916" - }, - { - "name" : "oval:org.mitre.oval:def:10986", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986" - }, - { - "name" : "35052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35052" - }, - { - "name" : "35073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35073" - }, - { - "name" : "35140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35140" - }, - { - "name" : "37415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37415" - }, - { - "name" : "35259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35259" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2009-1296", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1296" - }, - { - "name" : "ADV-2009-3315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3315" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - }, - { - "name" : "squirrelmail-mapypalias-code-execution(50461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:10986", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674" + }, + { + "name": "https://gna.org/forum/forum.php?forum_id=2146", + "refsource": "CONFIRM", + "url": "https://gna.org/forum/forum.php?forum_id=2146" + }, + { + "name": "MDVSA-2009:110", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" + }, + { + "name": "34916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34916" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "FEDORA-2009-4870", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" + }, + { + "name": "35140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35140" + }, + { + "name": "http://download.gna.org/nasmail/nasmail-1.7.zip", + "refsource": "CONFIRM", + "url": "http://download.gna.org/nasmail/nasmail-1.7.zip" + }, + { + "name": "FEDORA-2009-4880", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500360", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500360" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + }, + { + "name": "ADV-2009-1296", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1296" + }, + { + "name": "35259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35259" + }, + { + "name": "35052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35052" + }, + { + "name": "FEDORA-2009-4875", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" + }, + { + "name": "squirrelmail-mapypalias-code-execution(50461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50461" + }, + { + "name": "RHSA-2009:1066", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" + }, + { + "name": "37415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37415" + }, + { + "name": "35073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35073" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674" + }, + { + "name": "ADV-2009-3315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3315" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2009-05-10", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2009-05-10" + }, + { + "name": "DSA-1802", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1802" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1818.json b/2009/1xxx/CVE-2009-1818.json index ae0797a9072..f47273b824e 100644 --- a/2009/1xxx/CVE-2009-1818.json +++ b/2009/1xxx/CVE-2009-1818.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8672", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8672" - }, - { - "name" : "ADV-2009-1307", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1307" - }, - { - "name" : "maxcms-musername-sql-injection(50513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1307", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1307" + }, + { + "name": "maxcms-musername-sql-injection(50513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50513" + }, + { + "name": "8672", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8672" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5077.json b/2009/5xxx/CVE-2009-5077.json index a077fa119f4..458ae1ac6e5 100644 --- a/2009/5xxx/CVE-2009-5077.json +++ b/2009/5xxx/CVE-2009-5077.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hosting-4-creloaded.com/node/116", - "refsource" : "MISC", - "url" : "http://hosting-4-creloaded.com/node/116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hosting-4-creloaded.com/node/116", + "refsource": "MISC", + "url": "http://hosting-4-creloaded.com/node/116" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0301.json b/2012/0xxx/CVE-2012-0301.json index 5d9b653885f..721ca47f675 100644 --- a/2012/0xxx/CVE-2012-0301.json +++ b/2012/0xxx/CVE-2012-0301.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00" - }, - { - "name" : "54135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00" + }, + { + "name": "54135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54135" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0736.json b/2012/0xxx/CVE-2012-0736.json index 76513c0b73b..1e5fac5fe68 100644 --- a/2012/0xxx/CVE-2012-0736.json +++ b/2012/0xxx/CVE-2012-0736.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188" - }, - { - "name" : "53247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53247" - }, - { - "name" : "48967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48967" - }, - { - "name" : "48968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48968" - }, - { - "name" : "ae-platformauth-code-execution(74559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ae-platformauth-code-execution(74559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559" + }, + { + "name": "48967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48967" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188" + }, + { + "name": "48968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48968" + }, + { + "name": "53247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53247" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2267.json b/2012/2xxx/CVE-2012-2267.json index c4a1534c90d..617406a6203 100644 --- a/2012/2xxx/CVE-2012-2267.json +++ b/2012/2xxx/CVE-2012-2267.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2012-9/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2012-9/" - }, - { - "name" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf", - "refsource" : "CONFIRM", - "url" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf" - }, - { - "name" : "52929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52929" - }, - { - "name" : "1026898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026898" - }, - { - "name" : "helix-server-master-dos(74674)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52929" + }, + { + "name": "1026898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026898" + }, + { + "name": "http://secunia.com/secunia_research/2012-9/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2012-9/" + }, + { + "name": "helix-server-master-dos(74674)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74674" + }, + { + "name": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf", + "refsource": "CONFIRM", + "url": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3105.json b/2012/3xxx/CVE-2012-3105.json index efa215d9733..56b115ff7bb 100644 --- a/2012/3xxx/CVE-2012-3105.json +++ b/2012/3xxx/CVE-2012-3105.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=744888", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=744888" - }, - { - "name" : "oval:org.mitre.oval:def:16912", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16912", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16912" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=744888", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=744888" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3132.json b/2012/3xxx/CVE-2012-3132.json index 96d025047d1..f25e20f043c 100644 --- a/2012/3xxx/CVE-2012-3132.json +++ b/2012/3xxx/CVE-2012-3132.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html" - }, - { - "name" : "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html", - "refsource" : "MISC", - "url" : "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html" - }, - { - "name" : "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/", - "refsource" : "MISC", - "url" : "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/" - }, - { - "name" : "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132", - "refsource" : "MISC", - "url" : "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1027367", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html", + "refsource": "MISC", + "url": "http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html" + }, + { + "name": "1027367", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027367" + }, + { + "name": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html", + "refsource": "MISC", + "url": "http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html" + }, + { + "name": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/", + "refsource": "MISC", + "url": "http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132", + "refsource": "MISC", + "url": "https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3757.json b/2012/3xxx/CVE-2012-3757.json index 1d7b95a7d71..591467a5913 100644 --- a/2012/3xxx/CVE-2012-3757.json +++ b/2012/3xxx/CVE-2012-3757.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-021", - "refsource" : "MISC", - "url" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-021" - }, - { - "name" : "http://support.apple.com/kb/HT5581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5581" - }, - { - "name" : "APPLE-SA-2012-11-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html" - }, - { - "name" : "87092", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87092" - }, - { - "name" : "oval:org.mitre.oval:def:16167", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16167" - }, - { - "name" : "51226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51226" - }, - { - "name" : "apple-quicktime-pict-ce(79896)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51226" + }, + { + "name": "APPLE-SA-2012-11-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html" + }, + { + "name": "http://technet.microsoft.com/en-us/security/msvr/msvr12-021", + "refsource": "MISC", + "url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-021" + }, + { + "name": "87092", + "refsource": "OSVDB", + "url": "http://osvdb.org/87092" + }, + { + "name": "apple-quicktime-pict-ce(79896)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79896" + }, + { + "name": "http://support.apple.com/kb/HT5581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5581" + }, + { + "name": "oval:org.mitre.oval:def:16167", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16167" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4369.json b/2012/4xxx/CVE-2012-4369.json index 155b0280a05..3a33ba34412 100644 --- a/2012/4xxx/CVE-2012-4369.json +++ b/2012/4xxx/CVE-2012-4369.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4369", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4369", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4506.json b/2012/4xxx/CVE-2012-4506.json index 65bbbeb7084..7eff6cc1b16 100644 --- a/2012/4xxx/CVE-2012-4506.json +++ b/2012/4xxx/CVE-2012-4506.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching \"../\" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121009 CVE Request: gitolite path traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/10/1" - }, - { - "name" : "[oss-security] 20121009 Re: CVE Request: gitolite path traversal vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/10/2" - }, - { - "name" : "https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2", - "refsource" : "CONFIRM", - "url" : "https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2" - }, - { - "name" : "https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion" - }, - { - "name" : "55853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55853" - }, - { - "name" : "50896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50896" - }, - { - "name" : "gitolite-security-bypass(79130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching \"../\" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion" + }, + { + "name": "55853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55853" + }, + { + "name": "https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2", + "refsource": "CONFIRM", + "url": "https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2" + }, + { + "name": "[oss-security] 20121009 CVE Request: gitolite path traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/10/1" + }, + { + "name": "50896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50896" + }, + { + "name": "[oss-security] 20121009 Re: CVE Request: gitolite path traversal vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/10/2" + }, + { + "name": "gitolite-security-bypass(79130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79130" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4991.json b/2012/4xxx/CVE-2012-4991.json index dd51852608b..45519022658 100644 --- a/2012/4xxx/CVE-2012-4991.json +++ b/2012/4xxx/CVE-2012-4991.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23324", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/23324/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23324", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/23324/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6186.json b/2012/6xxx/CVE-2012-6186.json index 8f4965c400f..41b028318b2 100644 --- a/2012/6xxx/CVE-2012-6186.json +++ b/2012/6xxx/CVE-2012-6186.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6186", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6186", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6505.json b/2012/6xxx/CVE-2012-6505.json index 0d7491cccda..7c540cfa5f4 100644 --- a/2012/6xxx/CVE-2012-6505.json +++ b/2012/6xxx/CVE-2012-6505.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120426 PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0206.html" - }, - { - "name" : "18788", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18788" - }, - { - "name" : "53261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53261" - }, - { - "name" : "81494", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81494" - }, - { - "name" : "48988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48988" + }, + { + "name": "53261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53261" + }, + { + "name": "18788", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18788" + }, + { + "name": "20120426 PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0206.html" + }, + { + "name": "81494", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81494" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6645.json b/2012/6xxx/CVE-2012-6645.json index 670ff51a81f..2f41f11d745 100644 --- a/2012/6xxx/CVE-2012-6645.json +++ b/2012/6xxx/CVE-2012-6645.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/16/9" - }, - { - "name" : "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/9" - }, - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities" - }, - { - "name" : "https://drupal.org/node/1432970", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1432970" - }, - { - "name" : "http://drupal.org/node/1432318", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1432318" - }, - { - "name" : "http://drupal.org/node/1432320", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1432320" - }, - { - "name" : "http://drupalcode.org/project/finder.git/commit/13e2d0c", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/finder.git/commit/13e2d0c" - }, - { - "name" : "http://drupalcode.org/project/finder.git/commit/58443aa", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/finder.git/commit/58443aa" - }, - { - "name" : "http://drupalcode.org/project/finder.git/commit/758fcf9", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/finder.git/commit/758fcf9" - }, - { - "name" : "http://drupalcode.org/project/finder.git/commit/bc0cc82", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/finder.git/commit/bc0cc82" - }, - { - "name" : "79015", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79015" - }, - { - "name" : "47941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47941" - }, - { - "name" : "47943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47943" - }, - { - "name" : "drupal-finder-unspecified-xss(73110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1432320", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1432320" + }, + { + "name": "http://drupal.org/node/1432318", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1432318" + }, + { + "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9" + }, + { + "name": "http://drupalcode.org/project/finder.git/commit/bc0cc82", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/finder.git/commit/bc0cc82" + }, + { + "name": "79015", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79015" + }, + { + "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9" + }, + { + "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities", + "refsource": "MISC", + "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "47941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47941" + }, + { + "name": "http://drupalcode.org/project/finder.git/commit/58443aa", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/finder.git/commit/58443aa" + }, + { + "name": "http://drupalcode.org/project/finder.git/commit/13e2d0c", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c" + }, + { + "name": "https://drupal.org/node/1432970", + "refsource": "MISC", + "url": "https://drupal.org/node/1432970" + }, + { + "name": "drupal-finder-unspecified-xss(73110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110" + }, + { + "name": "47943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47943" + }, + { + "name": "http://drupalcode.org/project/finder.git/commit/758fcf9", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/finder.git/commit/758fcf9" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2101.json b/2017/2xxx/CVE-2017-2101.json index 0d93d4c1e72..50a9f9d9372 100644 --- a/2017/2xxx/CVE-2017-2101.json +++ b/2017/2xxx/CVE-2017-2101.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", - "version" : { - "version_data" : [ - { - "version_value" : "V3.0.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", + "version": { + "version_data": [ + { + "version_value": "V3.0.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#88176589", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN88176589/index.html" - }, - { - "name" : "96261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96261" + }, + { + "name": "JVN#88176589", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN88176589/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2536.json b/2017/2xxx/CVE-2017-2536.json index 209d516e5a2..31d269ad88d 100644 --- a/2017/2xxx/CVE-2017-2536.json +++ b/2017/2xxx/CVE-2017-2536.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42125", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42125/" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98473" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "42125", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42125/" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + }, + { + "name": "98473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98473" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2820.json b/2017/2xxx/CVE-2017-2820.json index 5a3ecdb1668..40a842af172 100644 --- a/2017/2xxx/CVE-2017-2820.json +++ b/2017/2xxx/CVE-2017-2820.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-2820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Poppler", - "version" : { - "version_data" : [ - { - "version_value" : "0.53" - } - ] - } - } - ] - }, - "vendor_name" : "Poppler" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-2820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Poppler", + "version": { + "version_data": [ + { + "version_value": "0.53" + } + ] + } + } + ] + }, + "vendor_name": "Poppler" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321" - }, - { - "name" : "99497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321" + }, + { + "name": "99497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99497" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6163.json b/2017/6xxx/CVE-2017-6163.json index 067705a9d2f..14b889d659f 100644 --- a/2017/6xxx/CVE-2017-6163.json +++ b/2017/6xxx/CVE-2017-6163.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-10-26T00:00:00", - "ID" : "CVE-2017-6163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.0 - 12.1.2" - }, - { - "version_value" : "11.6.0 â" - }, - { - "version_value" : "€" - }, - { - "version_value" : "\" 11.6.1" - }, - { - "version_value" : "11.4.0 â" - }, - { - "version_value" : "€" - }, - { - "version_value" : "\" 11.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-10-26T00:00:00", + "ID": "CVE-2017-6163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM", + "version": { + "version_data": [ + { + "version_value": "12.0.0 - 12.1.2" + }, + { + "version_value": "11.6.0 â" + }, + { + "version_value": "€" + }, + { + "version_value": "\" 11.6.1" + }, + { + "version_value": "11.4.0 â" + }, + { + "version_value": "€" + }, + { + "version_value": "\" 11.5.4" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K22541983", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K22541983" - }, - { - "name" : "101606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101606" - }, - { - "name" : "1039671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039671" + }, + { + "name": "101606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101606" + }, + { + "name": "https://support.f5.com/csp/article/K22541983", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K22541983" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6457.json b/2017/6xxx/CVE-2017-6457.json index 11a16fbcbd2..fba72d3eb7f 100644 --- a/2017/6xxx/CVE-2017-6457.json +++ b/2017/6xxx/CVE-2017-6457.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6457", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6457", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6720.json b/2017/6xxx/CVE-2017-6720.json index 38534aadd53..136d06e7a45 100644 --- a/2017/6xxx/CVE-2017-6720.json +++ b/2017/6xxx/CVE-2017-6720.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Small Business Managed Switches", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Small Business Managed Switches" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business Managed Switches", + "version": { + "version_data": [ + { + "version_value": "Cisco Small Business Managed Switches" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms" - }, - { - "name" : "100933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100933" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6822.json b/2017/6xxx/CVE-2017-6822.json index d41ae8039df..9dcfd50d1ef 100644 --- a/2017/6xxx/CVE-2017-6822.json +++ b/2017/6xxx/CVE-2017-6822.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6822", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6822", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11088.json b/2018/11xxx/CVE-2018-11088.json index c3436be23c5..3740b2a5113 100644 --- a/2018/11xxx/CVE-2018-11088.json +++ b/2018/11xxx/CVE-2018-11088.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-09-13T04:00:00.000Z", - "ID" : "CVE-2018-11088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Application Service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.0", - "version_value" : "2.0.21" - }, - { - "affected" : "<", - "version_name" : "2.1", - "version_value" : "2.1.13 " - }, - { - "affected" : "<", - "version_name" : "2.2", - "version_value" : "2.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Credential leak" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-09-13T04:00:00.000Z", + "ID": "CVE-2018-11088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.0", + "version_value": "2.0.21" + }, + { + "affected": "<", + "version_name": "2.1", + "version_value": "2.1.13 " + }, + { + "affected": "<", + "version_name": "2.2", + "version_value": "2.2.5" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-11088", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-11088" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Credential leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2018-11088", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-11088" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11130.json b/2018/11xxx/CVE-2018-11130.json index 7ae2dcaaaa3..d19e35a6d8b 100644 --- a/2018/11xxx/CVE-2018-11130.json +++ b/2018/11xxx/CVE-2018-11130.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180516 vcftools 0.1.15 vuln bugs", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/43" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180516 vcftools 0.1.15 vuln bugs", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/43" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11988.json b/2018/11xxx/CVE-2018-11988.json index d4d14f44aee..311a6fcbaf0 100644 --- a/2018/11xxx/CVE-2018-11988.json +++ b/2018/11xxx/CVE-2018-11988.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Ecosystem" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Ecosystem" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14114.json b/2018/14xxx/CVE-2018-14114.json index 7599f84dc28..aeb521c34b9 100644 --- a/2018/14xxx/CVE-2018-14114.json +++ b/2018/14xxx/CVE-2018-14114.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14114", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14114", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14369.json b/2018/14xxx/CVE-2018-14369.json index 785318df334..dd31e8f9b51 100644 --- a/2018/14xxx/CVE-2018-14369.json +++ b/2018/14xxx/CVE-2018-14369.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-41.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-41.html" - }, - { - "name" : "104847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104847" - }, - { - "name" : "1041608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041608" + }, + { + "name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-41.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-41.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869" + }, + { + "name": "104847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104847" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14376.json b/2018/14xxx/CVE-2018-14376.json index 9fed79c9e37..2d3bf621f0e 100644 --- a/2018/14xxx/CVE-2018-14376.json +++ b/2018/14xxx/CVE-2018-14376.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14376", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14376", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14389.json b/2018/14xxx/CVE-2018-14389.json index 43026c62609..6e8053eddda 100644 --- a/2018/14xxx/CVE-2018-14389.json +++ b/2018/14xxx/CVE-2018-14389.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/joyplus/joyplus-cms/issues/430", - "refsource" : "MISC", - "url" : "https://github.com/joyplus/joyplus-cms/issues/430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/joyplus/joyplus-cms/issues/430", + "refsource": "MISC", + "url": "https://github.com/joyplus/joyplus-cms/issues/430" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14997.json b/2018/14xxx/CVE-2018-14997.json index ed0674003e4..c834be80da7 100644 --- a/2018/14xxx/CVE-2018-14997.json +++ b/2018/14xxx/CVE-2018-14997.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14997", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14997", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15015.json b/2018/15xxx/CVE-2018-15015.json index 21bca149577..3b8fc01e773 100644 --- a/2018/15xxx/CVE-2018-15015.json +++ b/2018/15xxx/CVE-2018-15015.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15015", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15015", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15079.json b/2018/15xxx/CVE-2018-15079.json index 33bf267869a..32cf31e40ce 100644 --- a/2018/15xxx/CVE-2018-15079.json +++ b/2018/15xxx/CVE-2018-15079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15079", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15079", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15163.json b/2018/15xxx/CVE-2018-15163.json index 96605fbfc8f..d1125a54717 100644 --- a/2018/15xxx/CVE-2018-15163.json +++ b/2018/15xxx/CVE-2018-15163.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15163", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15163", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15291.json b/2018/15xxx/CVE-2018-15291.json index 9ba8228ee8d..d143a8c972a 100644 --- a/2018/15xxx/CVE-2018-15291.json +++ b/2018/15xxx/CVE-2018-15291.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20414.json b/2018/20xxx/CVE-2018-20414.json index 701e1d5dfce..85c8d44b184 100644 --- a/2018/20xxx/CVE-2018-20414.json +++ b/2018/20xxx/CVE-2018-20414.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20414", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20414", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20676.json b/2018/20xxx/CVE-2018-20676.json index 2adc679e509..f2d0481a8dc 100644 --- a/2018/20xxx/CVE-2018-20676.json +++ b/2018/20xxx/CVE-2018-20676.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", - "refsource" : "MISC", - "url" : "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" - }, - { - "name" : "https://github.com/twbs/bootstrap/issues/27044", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/issues/27044" - }, - { - "name" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" - }, - { - "name" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" - }, - { - "name" : "https://github.com/twbs/bootstrap/pull/27047", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/pull/27047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/twbs/bootstrap/issues/27044", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/issues/27044" + }, + { + "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" + }, + { + "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", + "refsource": "MISC", + "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" + }, + { + "name": "https://github.com/twbs/bootstrap/pull/27047", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/pull/27047" + }, + { + "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" + } + ] + } +} \ No newline at end of file