diff --git a/2005/0xxx/CVE-2005-0607.json b/2005/0xxx/CVE-2005-0607.json index 9aea96c4a74..cbba2d1f71b 100644 --- a/2005/0xxx/CVE-2005-0607.json +++ b/2005/0xxx/CVE-2005-0607.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html" - }, - { - "name" : "http://www.cubecart.com/site/forums/index.php?showtopic=6032", - "refsource" : "CONFIRM", - "url" : "http://www.cubecart.com/site/forums/index.php?showtopic=6032" - }, - { - "name" : "1013304", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013304" - }, - { - "name" : "cubecart-multiple-path-disclosure(20638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html" + }, + { + "name": "http://www.cubecart.com/site/forums/index.php?showtopic=6032", + "refsource": "CONFIRM", + "url": "http://www.cubecart.com/site/forums/index.php?showtopic=6032" + }, + { + "name": "cubecart-multiple-path-disclosure(20638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20638" + }, + { + "name": "1013304", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013304" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0944.json b/2005/0xxx/CVE-2005-0944.json index a3b43f630a4..1ddccae5aac 100644 --- a/2005/0xxx/CVE-2005-0944.json +++ b/2005/0xxx/CVE-2005-0944.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050331 [HV-HIGH] Microsoft Jet DB engine vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111231465920199&w=2" - }, - { - "name" : "20060804 Will Microsoft patch remarkable old Msjet40.dll issue?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442446/100/100/threaded" - }, - { - "name" : "20060808 Re: Will Microsoft patch remarkable old Msjet40.dll issue?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442610/100/100/threaded" - }, - { - "name" : "http://www.hexview.com/docs/20050331-1.txt", - "refsource" : "MISC", - "url" : "http://www.hexview.com/docs/20050331-1.txt" - }, - { - "name" : "http://blogs.securiteam.com/?p=535", - "refsource" : "MISC", - "url" : "http://blogs.securiteam.com/?p=535" - }, - { - "name" : "VU#176380", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/176380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060808 Re: Will Microsoft patch remarkable old Msjet40.dll issue?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442610/100/100/threaded" + }, + { + "name": "20050331 [HV-HIGH] Microsoft Jet DB engine vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111231465920199&w=2" + }, + { + "name": "20060804 Will Microsoft patch remarkable old Msjet40.dll issue?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442446/100/100/threaded" + }, + { + "name": "http://www.hexview.com/docs/20050331-1.txt", + "refsource": "MISC", + "url": "http://www.hexview.com/docs/20050331-1.txt" + }, + { + "name": "http://blogs.securiteam.com/?p=535", + "refsource": "MISC", + "url": "http://blogs.securiteam.com/?p=535" + }, + { + "name": "VU#176380", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/176380" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1498.json b/2005/1xxx/CVE-2005-1498.json index 892dd0a8ba9..8e85027007c 100644 --- a/2005/1xxx/CVE-2005-1498.json +++ b/2005/1xxx/CVE-2005-1498.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050505 Multiple vulnerabilities in myBloggie 2.1.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111531904608224&w=2" - }, - { - "name" : "http://mywebland.com/forums/viewtopic.php?t=180", - "refsource" : "MISC", - "url" : "http://mywebland.com/forums/viewtopic.php?t=180" - }, - { - "name" : "13507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13507" - }, - { - "name" : "mybloggie-viewmodephp-xss(20434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20434" - }, - { - "name" : "mybloggie-script-injection(20436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mywebland.com/forums/viewtopic.php?t=180", + "refsource": "MISC", + "url": "http://mywebland.com/forums/viewtopic.php?t=180" + }, + { + "name": "mybloggie-script-injection(20436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20436" + }, + { + "name": "20050505 Multiple vulnerabilities in myBloggie 2.1.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111531904608224&w=2" + }, + { + "name": "mybloggie-viewmodephp-xss(20434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20434" + }, + { + "name": "13507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13507" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3072.json b/2005/3xxx/CVE-2005-3072.json index 630d53ed0a3..3bdd220255c 100644 --- a/2005/3xxx/CVE-2005-3072.json +++ b/2005/3xxx/CVE-2005-3072.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14931" - }, - { - "name" : "ADV-2005-1829", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1829" - }, - { - "name" : "19652", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19652" - }, - { - "name" : "16923", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16923" - }, - { - "name" : "interchange-submit-sql-injection(22386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14931" + }, + { + "name": "ADV-2005-1829", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1829" + }, + { + "name": "interchange-submit-sql-injection(22386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22386" + }, + { + "name": "19652", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19652" + }, + { + "name": "16923", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16923" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3244.json b/2005/3xxx/CVE-2005-3244.json index 24d0a31f4ac..3ac7b955310 100644 --- a/2005/3xxx/CVE-2005-3244.json +++ b/2005/3xxx/CVE-2005-3244.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-3244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html" - }, - { - "name" : "DSA-1171", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1171" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200510-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" - }, - { - "name" : "RHSA-2005:809", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-809.html" - }, - { - "name" : "SUSE-SR:2005:025", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html" - }, - { - "name" : "15148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15148" - }, - { - "name" : "20127", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20127" - }, - { - "name" : "oval:org.mitre.oval:def:9665", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9665" - }, - { - "name" : "1015082", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015082" - }, - { - "name" : "17377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17377" - }, - { - "name" : "17254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17254" - }, - { - "name" : "17286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17286" - }, - { - "name" : "17327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17327" - }, - { - "name" : "17392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17392" - }, - { - "name" : "17480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17480" - }, - { - "name" : "21813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:809", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-809.html" + }, + { + "name": "17327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17327" + }, + { + "name": "GLSA-200510-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" + }, + { + "name": "17392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17392" + }, + { + "name": "17480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17480" + }, + { + "name": "1015082", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015082" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html" + }, + { + "name": "20127", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20127" + }, + { + "name": "SUSE-SR:2005:025", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" + }, + { + "name": "17286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17286" + }, + { + "name": "DSA-1171", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1171" + }, + { + "name": "oval:org.mitre.oval:def:9665", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9665" + }, + { + "name": "21813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21813" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "17377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17377" + }, + { + "name": "15148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15148" + }, + { + "name": "17254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17254" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3333.json b/2005/3xxx/CVE-2005-3333.json index a9e97ef7704..bed5b25b3ac 100644 --- a/2005/3xxx/CVE-2005-3333.json +++ b/2005/3xxx/CVE-2005-3333.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ebase.co.jp/company/security", - "refsource" : "CONFIRM", - "url" : "http://www.ebase.co.jp/company/security" - }, - { - "name" : "15171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15171" - }, - { - "name" : "20249", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20249" - }, - { - "name" : "1015089", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015089" - }, - { - "name" : "17301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17301" - }, - { - "name" : "ebaseweb-sql-injection(22834)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15171" + }, + { + "name": "17301", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17301" + }, + { + "name": "ebaseweb-sql-injection(22834)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22834" + }, + { + "name": "20249", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20249" + }, + { + "name": "1015089", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015089" + }, + { + "name": "http://www.ebase.co.jp/company/security", + "refsource": "CONFIRM", + "url": "http://www.ebase.co.jp/company/security" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3516.json b/2005/3xxx/CVE-2005-3516.json index 26bc3e08435..4574dd9acc7 100644 --- a/2005/3xxx/CVE-2005-3516.json +++ b/2005/3xxx/CVE-2005-3516.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051020 XSS & Path Disclosure in Chipmunk's products", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112982490104274&w=2" - }, - { - "name" : "http://irannetjob.com/content/view/148/28/", - "refsource" : "MISC", - "url" : "http://irannetjob.com/content/view/148/28/" - }, - { - "name" : "15149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15149/" - }, - { - "name" : "20169", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20169" - }, - { - "name" : "17283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17283/" - }, - { - "name" : "96", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/96" - }, - { - "name" : "chipmunk-multiple-scripts-xss(22823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15149/" + }, + { + "name": "20051020 XSS & Path Disclosure in Chipmunk's products", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112982490104274&w=2" + }, + { + "name": "17283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17283/" + }, + { + "name": "96", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/96" + }, + { + "name": "http://irannetjob.com/content/view/148/28/", + "refsource": "MISC", + "url": "http://irannetjob.com/content/view/148/28/" + }, + { + "name": "20169", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20169" + }, + { + "name": "chipmunk-multiple-scripts-xss(22823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22823" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3650.json b/2005/3xxx/CVE-2005-3650.json index 3fe04f53ed5..3509888dc52 100644 --- a/2005/3xxx/CVE-2005-3650.json +++ b/2005/3xxx/CVE-2005-3650.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has \"safe for scripting\" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hack.fi/~muzzy/sony-drm/", - "refsource" : "MISC", - "url" : "http://hack.fi/~muzzy/sony-drm/" - }, - { - "name" : "http://www.freedom-to-tinker.com/?p=927", - "refsource" : "MISC", - "url" : "http://www.freedom-to-tinker.com/?p=927" - }, - { - "name" : "VU#312073", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/312073" - }, - { - "name" : "15430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15430" - }, - { - "name" : "ADV-2005-2454", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2454" - }, - { - "name" : "20887", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20887" - }, - { - "name" : "17610", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17610" - }, - { - "name" : "first4internet-xcp-sony-gain-access(23063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has \"safe for scripting\" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17610", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17610" + }, + { + "name": "ADV-2005-2454", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2454" + }, + { + "name": "20887", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20887" + }, + { + "name": "VU#312073", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/312073" + }, + { + "name": "15430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15430" + }, + { + "name": "first4internet-xcp-sony-gain-access(23063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23063" + }, + { + "name": "http://www.freedom-to-tinker.com/?p=927", + "refsource": "MISC", + "url": "http://www.freedom-to-tinker.com/?p=927" + }, + { + "name": "http://hack.fi/~muzzy/sony-drm/", + "refsource": "MISC", + "url": "http://hack.fi/~muzzy/sony-drm/" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3999.json b/2005/3xxx/CVE-2005-3999.json index 5625e331fd2..7514f5050cf 100644 --- a/2005/3xxx/CVE-2005-3999.json +++ b/2005/3xxx/CVE-2005-3999.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/sitebeater-mp3-catalog-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/sitebeater-mp3-catalog-xss-vuln.html" - }, - { - "name" : "15696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15696" - }, - { - "name" : "ADV-2005-2718", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2718" - }, - { - "name" : "21424", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21424" - }, - { - "name" : "17856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17856" - }, - { - "name" : "sitebeater-search-xss(23403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21424", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21424" + }, + { + "name": "17856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17856" + }, + { + "name": "ADV-2005-2718", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2718" + }, + { + "name": "sitebeater-search-xss(23403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23403" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/sitebeater-mp3-catalog-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/sitebeater-mp3-catalog-xss-vuln.html" + }, + { + "name": "15696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15696" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4377.json b/2005/4xxx/CVE-2005-4377.json index 33192030f79..cc1a2002794 100644 --- a/2005/4xxx/CVE-2005-4377.json +++ b/2005/4xxx/CVE-2005-4377.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/baseline-cms-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/baseline-cms-vuln.html" - }, - { - "name" : "ADV-2005-2974", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2974" - }, - { - "name" : "21938", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21938", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21938" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/baseline-cms-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/baseline-cms-vuln.html" + }, + { + "name": "ADV-2005-2974", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2974" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4447.json b/2005/4xxx/CVE-2005-4447.json index 0f1b6a7df7c..fedae458381 100644 --- a/2005/4xxx/CVE-2005-4447.json +++ b/2005/4xxx/CVE-2005-4447.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in articles\\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. NOTE: the original disclosure suggests that command injection is not feasible because the injection occurs after an \"ORDER BY\" clause, but it is likely that this bug could result in an error message path disclosure due to a syntax error, in some environments. Therefore this is an exposure and should be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051216 phpCOIN-1.2.2-Full-2005 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419637/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in articles\\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. NOTE: the original disclosure suggests that command injection is not feasible because the injection occurs after an \"ORDER BY\" clause, but it is likely that this bug could result in an error message path disclosure due to a syntax error, in some environments. Therefore this is an exposure and should be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051216 phpCOIN-1.2.2-Full-2005 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419637/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0589.json b/2009/0xxx/CVE-2009-0589.json index 2f27746cef7..79ba8055e82 100644 --- a/2009/0xxx/CVE-2009-0589.json +++ b/2009/0xxx/CVE-2009-0589.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0589", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-0589", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0700.json b/2009/0xxx/CVE-2009-0700.json index a7b09e356e8..dc3cc5396c5 100644 --- a/2009/0xxx/CVE-2009-0700.json +++ b/2009/0xxx/CVE-2009-0700.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-01/0032.html" - }, - { - "name" : "20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-01/0054.html" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt" - }, - { - "name" : "33153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33153" - }, - { - "name" : "businessmanager-multiple-security-bypass(47794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag_job.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt" + }, + { + "name": "20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-01/0032.html" + }, + { + "name": "20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-01/0054.html" + }, + { + "name": "businessmanager-multiple-security-bypass(47794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47794" + }, + { + "name": "33153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33153" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0942.json b/2009/0xxx/CVE-2009-0942.json index a2cf50bb8e2..95352969f5b 100644 --- a/2009/0xxx/CVE-2009-0942.json +++ b/2009/0xxx/CVE-2009-0942.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34926" - }, - { - "name" : "1022216", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022216" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "macos-helpviewer-css-code-execution(50485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "34926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34926" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "macos-helpviewer-css-code-execution(50485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50485" + }, + { + "name": "1022216", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022216" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2254.json b/2009/2xxx/CVE-2009-2254.json index dbcab251d0e..ec1ca70fa5f 100644 --- a/2009/2xxx/CVE-2009-2254.json +++ b/2009/2xxx/CVE-2009-2254.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a \"SQL Execution\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9005", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9005" - }, - { - "name" : "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965" - }, - { - "name" : "http://www.zen-cart.com/forum/showthread.php?t=130161", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/forum/showthread.php?t=130161" - }, - { - "name" : "35468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35468" - }, - { - "name" : "55343", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55343" - }, - { - "name" : "35550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35550" - }, - { - "name" : "zencart-sqlpatch-sql-injection(51317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a \"SQL Execution\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55343", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55343" + }, + { + "name": "http://www.zen-cart.com/forum/showthread.php?t=130161", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/forum/showthread.php?t=130161" + }, + { + "name": "35468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35468" + }, + { + "name": "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/forum/attachment.php?attachmentid=5965" + }, + { + "name": "9005", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9005" + }, + { + "name": "35550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35550" + }, + { + "name": "zencart-sqlpatch-sql-injection(51317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51317" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3058.json b/2009/3xxx/CVE-2009-3058.json index 6e735d124cc..73fe716d074 100644 --- a/2009/3xxx/CVE-2009-3058.json +++ b/2009/3xxx/CVE-2009-3058.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9568", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9568" - }, - { - "name" : "http://packetstormsecurity.org/0909-exploits/akplayer-overflow.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0909-exploits/akplayer-overflow.txt" - }, - { - "name" : "36521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36521" - }, - { - "name" : "ADV-2009-2517", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9568", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9568" + }, + { + "name": "36521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36521" + }, + { + "name": "http://packetstormsecurity.org/0909-exploits/akplayer-overflow.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0909-exploits/akplayer-overflow.txt" + }, + { + "name": "ADV-2009-2517", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2517" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3699.json b/2009/3xxx/CVE-2009-3699.json index 18e2478cc74..67446b1e93e 100644 --- a/2009/3xxx/CVE-2009-3699.json +++ b/2009/3xxx/CVE-2009-3699.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825" - }, - { - "name" : "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz", - "refsource" : "MISC", - "url" : "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc" - }, - { - "name" : "IZ61628", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628" - }, - { - "name" : "IZ61717", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717" - }, - { - "name" : "IZ62123", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123" - }, - { - "name" : "IZ62237", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237" - }, - { - "name" : "IZ62569", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569" - }, - { - "name" : "IZ62570", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570" - }, - { - "name" : "IZ62571", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571" - }, - { - "name" : "IZ62572", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572" - }, - { - "name" : "IZ62672", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672" - }, - { - "name" : "36615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36615" - }, - { - "name" : "58726", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58726" - }, - { - "name" : "1022996", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022996" - }, - { - "name" : "36978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36978" - }, - { - "name" : "ADV-2009-2846", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2846" - }, - { - "name" : "ibm-aix-rpccmsd-bo(53681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-2846", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2846" + }, + { + "name": "IZ62237", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237" + }, + { + "name": "IZ62570", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570" + }, + { + "name": "IZ61628", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628" + }, + { + "name": "1022996", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022996" + }, + { + "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc" + }, + { + "name": "IZ62569", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569" + }, + { + "name": "ibm-aix-rpccmsd-bo(53681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681" + }, + { + "name": "IZ62571", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571" + }, + { + "name": "IZ62123", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123" + }, + { + "name": "IZ62672", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672" + }, + { + "name": "IZ62572", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572" + }, + { + "name": "36978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36978" + }, + { + "name": "IZ61717", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717" + }, + { + "name": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz", + "refsource": "MISC", + "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz" + }, + { + "name": "58726", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58726" + }, + { + "name": "36615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36615" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3763.json b/2009/3xxx/CVE-2009-3763.json index b2a72a8a19d..2f60968822c 100644 --- a/2009/3xxx/CVE-2009-3763.json +++ b/2009/3xxx/CVE-2009-3763.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4763.json b/2009/4xxx/CVE-2009-4763.json index 9437c3bef74..dfab68ea54a 100644 --- a/2009/4xxx/CVE-2009-4763.json +++ b/2009/4xxx/CVE-2009-4763.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyvisites.us/phpmv2/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyvisites.us/phpmv2/CHANGELOG" - }, - { - "name" : "38824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38824" - }, - { - "name" : "38862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38862" - }, - { - "name" : "clickheat-phpmyvisites-unspecified(57004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38824" + }, + { + "name": "http://www.phpmyvisites.us/phpmv2/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://www.phpmyvisites.us/phpmv2/CHANGELOG" + }, + { + "name": "clickheat-phpmyvisites-unspecified(57004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57004" + }, + { + "name": "38862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38862" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2116.json b/2012/2xxx/CVE-2012-2116.json index 0e835401d23..26b3c447a2b 100644 --- a/2012/2xxx/CVE-2012-2116.json +++ b/2012/2xxx/CVE-2012-2116.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120418 CVE Request for Drupal Contributed Advisories on 2012-04-18", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/18/11" - }, - { - "name" : "[oss-security] 20120418 Re: CVE Request for Drupal Contributed Advisories on 2012-04-18", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/19/1" - }, - { - "name" : "http://drupal.org/node/1538198", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1538198" - }, - { - "name" : "http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab" - }, - { - "name" : "48912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1538198", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1538198" + }, + { + "name": "http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab" + }, + { + "name": "48912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48912" + }, + { + "name": "[oss-security] 20120418 CVE Request for Drupal Contributed Advisories on 2012-04-18", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/18/11" + }, + { + "name": "[oss-security] 20120418 Re: CVE Request for Drupal Contributed Advisories on 2012-04-18", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2400.json b/2012/2xxx/CVE-2012-2400.json index 794c09ea59d..e8492f081c7 100644 --- a/2012/2xxx/CVE-2012-2400.json +++ b/2012/2xxx/CVE-2012-2400.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://core.trac.wordpress.org/changeset/20499/branches/3.3/wp-includes/js/swfobject.js", - "refsource" : "CONFIRM", - "url" : "http://core.trac.wordpress.org/changeset/20499/branches/3.3/wp-includes/js/swfobject.js" - }, - { - "name" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/" - }, - { - "name" : "DSA-2470", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2470" - }, - { - "name" : "53192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53192" - }, - { - "name" : "81460", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81460" - }, - { - "name" : "49138", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49138" - }, - { - "name" : "wordpress-swfobject-unspecified(75209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49138", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49138" + }, + { + "name": "81460", + "refsource": "OSVDB", + "url": "http://osvdb.org/81460" + }, + { + "name": "wordpress-swfobject-unspecified(75209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75209" + }, + { + "name": "DSA-2470", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2470" + }, + { + "name": "http://core.trac.wordpress.org/changeset/20499/branches/3.3/wp-includes/js/swfobject.js", + "refsource": "CONFIRM", + "url": "http://core.trac.wordpress.org/changeset/20499/branches/3.3/wp-includes/js/swfobject.js" + }, + { + "name": "53192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53192" + }, + { + "name": "http://wordpress.org/news/2012/04/wordpress-3-3-2/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2551.json b/2012/2xxx/CVE-2012-2551.json index e9e66dcf821..6d73ce73674 100644 --- a/2012/2xxx/CVE-2012-2551.json +++ b/2012/2xxx/CVE-2012-2551.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka \"Kerberos NULL Dereference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-069" - }, - { - "name" : "TA12-283A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-283A.html" - }, - { - "name" : "55778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55778" - }, - { - "name" : "oval:org.mitre.oval:def:15674", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15674" - }, - { - "name" : "1027620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027620" - }, - { - "name" : "50867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka \"Kerberos NULL Dereference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15674", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15674" + }, + { + "name": "50867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50867" + }, + { + "name": "1027620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027620" + }, + { + "name": "MS12-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-069" + }, + { + "name": "55778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55778" + }, + { + "name": "TA12-283A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2652.json b/2012/2xxx/CVE-2012-2652.json index 775b841ccff..14fe942b60c 100644 --- a/2012/2xxx/CVE-2012-2652.json +++ b/2012/2xxx/CVE-2012-2652.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=eba25057b9a5e19d10ace2bc7716667a31297169", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=eba25057b9a5e19d10ace2bc7716667a31297169" - }, - { - "name" : "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log" - }, - { - "name" : "DSA-2545", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2545" - }, - { - "name" : "SUSE-SU-2012:1202", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html" - }, - { - "name" : "USN-1522-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1522-1" - }, - { - "name" : "53725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53725" - }, - { - "name" : "50132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50132" - }, - { - "name" : "50689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50132" + }, + { + "name": "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu-stable-0.15.git;a=log" + }, + { + "name": "50689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50689" + }, + { + "name": "53725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53725" + }, + { + "name": "SUSE-SU-2012:1202", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html" + }, + { + "name": "USN-1522-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1522-1" + }, + { + "name": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=eba25057b9a5e19d10ace2bc7716667a31297169", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=eba25057b9a5e19d10ace2bc7716667a31297169" + }, + { + "name": "DSA-2545", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2545" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2736.json b/2012/2xxx/CVE-2012-2736.json index 31fe43cf417..31f7b151ab1 100644 --- a/2012/2xxx/CVE-2012-2736.json +++ b/2012/2xxx/CVE-2012-2736.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2736", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2736", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2821.json b/2012/2xxx/CVE-2012-2821.json index f0bbbcdde63..0d0b32769c2 100644 --- a/2012/2xxx/CVE-2012-2821.json +++ b/2012/2xxx/CVE-2012-2821.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=122925", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=122925" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" - }, - { - "name" : "openSUSE-SU-2012:0813", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15075728" - }, - { - "name" : "oval:org.mitre.oval:def:15565", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0813", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15075728" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=122925", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=122925" + }, + { + "name": "oval:org.mitre.oval:def:15565", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15565" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0378.json b/2015/0xxx/CVE-2015-0378.json index cbd3ca4ae69..b40b7a1852e 100644 --- a/2015/0xxx/CVE-2015-0378.json +++ b/2015/0xxx/CVE-2015-0378.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72147" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - }, - { - "name" : "oracle-cpujan2015-cve20150378(100174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "72147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72147" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "oracle-cpujan2015-cve20150378(100174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100174" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1566.json b/2015/1xxx/CVE-2015-1566.json index 722ebe0d22e..0c63d8d361b 100644 --- a/2015/1xxx/CVE-2015-1566.json +++ b/2015/1xxx/CVE-2015-1566.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dnnsoftware.com/platform/manage/security-center", - "refsource" : "CONFIRM", - "url" : "http://www.dnnsoftware.com/platform/manage/security-center" - }, - { - "name" : "62832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dnnsoftware.com/platform/manage/security-center", + "refsource": "CONFIRM", + "url": "http://www.dnnsoftware.com/platform/manage/security-center" + }, + { + "name": "62832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62832" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1690.json b/2015/1xxx/CVE-2015-1690.json index 6132f0b196f..bf03f22acae 100644 --- a/2015/1xxx/CVE-2015-1690.json +++ b/2015/1xxx/CVE-2015-1690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1690", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1690", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1728.json b/2015/1xxx/CVE-2015-1728.json index 9b9ea86ad6e..c7c901413c7 100644 --- a/2015/1xxx/CVE-2015-1728.json +++ b/2015/1xxx/CVE-2015-1728.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka \"Windows Media Player RCE via DataObject Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150701 Microsoft Windows Media Player DataObject Switch Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200" - }, - { - "name" : "MS15-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057" - }, - { - "name" : "1032522", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka \"Windows Media Player RCE via DataObject Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032522", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032522" + }, + { + "name": "20150701 Microsoft Windows Media Player DataObject Switch Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200" + }, + { + "name": "MS15-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5046.json b/2015/5xxx/CVE-2015-5046.json index e2e57b4ded9..91ad576b4c4 100644 --- a/2015/5xxx/CVE-2015-5046.json +++ b/2015/5xxx/CVE-2015-5046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5268.json b/2015/5xxx/CVE-2015-5268.json index 722ecc83fd5..1859934fe60 100644 --- a/2015/5xxx/CVE-2015-5268.json +++ b/2015/5xxx/CVE-2015-5268.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150921 Moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=320292", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=320292" - }, - { - "name" : "1033619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=320292", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=320292" + }, + { + "name": "[oss-security] 20150921 Moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173" + }, + { + "name": "1033619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033619" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5401.json b/2015/5xxx/CVE-2015-5401.json index 7646ef991ef..ca2002bc643 100644 --- a/2015/5xxx/CVE-2015-5401.json +++ b/2015/5xxx/CVE-2015-5401.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortiguard.com/advisory/FG-VD-15-038/", - "refsource" : "MISC", - "url" : "http://www.fortiguard.com/advisory/FG-VD-15-038/" - }, - { - "name" : "https://blog.fortinet.com/2015/07/23/teradata-vulnerability-announced-big-potential-headaches-for-big-data-solution", - "refsource" : "MISC", - "url" : "https://blog.fortinet.com/2015/07/23/teradata-vulnerability-announced-big-potential-headaches-for-big-data-solution" - }, - { - "name" : "1033005", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortiguard.com/advisory/FG-VD-15-038/", + "refsource": "MISC", + "url": "http://www.fortiguard.com/advisory/FG-VD-15-038/" + }, + { + "name": "https://blog.fortinet.com/2015/07/23/teradata-vulnerability-announced-big-potential-headaches-for-big-data-solution", + "refsource": "MISC", + "url": "https://blog.fortinet.com/2015/07/23/teradata-vulnerability-announced-big-potential-headaches-for-big-data-solution" + }, + { + "name": "1033005", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033005" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5571.json b/2015/5xxx/CVE-2015-5571.json index 6542fdcfcea..4be1e8becaa 100644 --- a/2015/5xxx/CVE-2015-5571.json +++ b/2015/5xxx/CVE-2015-5571.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76803" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "76803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76803" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5780.json b/2015/5xxx/CVE-2015-5780.json index 70cece01961..fd2ca306b6a 100644 --- a/2015/5xxx/CVE-2015-5780.json +++ b/2015/5xxx/CVE-2015-5780.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "1033688", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "1033688", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033688" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11070.json b/2018/11xxx/CVE-2018-11070.json index 890e8b90a2d..541512d27b7 100644 --- a/2018/11xxx/CVE-2018-11070.json +++ b/2018/11xxx/CVE-2018-11070.json @@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-09-05T04:00:00.000Z", - "ID" : "CVE-2018-11070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA BSAFE Crypto-J", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.2.4" - } - ] - } - }, - { - "product_name" : "RSA BSAFE SSL-J ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "6.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Covert Timing Channel Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-09-05T04:00:00.000Z", + "ID": "CVE-2018-11070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA BSAFE Crypto-J", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.2.4" + } + ] + } + }, + { + "product_name": "RSA BSAFE SSL-J ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "6.2.4" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/7" - }, - { - "name" : "1041614", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041614" - }, - { - "name" : "1041615", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041615" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Covert Timing Channel Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041615", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041615" + }, + { + "name": "1041614", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041614" + }, + { + "name": "20180905 DSA-2018-150:RSA BSAFE SSL-J Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/7" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11411.json b/2018/11xxx/CVE-2018-11411.json index 22dba27e050..8a71fa42ebd 100644 --- a/2018/11xxx/CVE-2018-11411.json +++ b/2018/11xxx/CVE-2018-11411.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@jonghyk.song/dimoncoin-fud-erc20-token-allows-attackers-to-steal-all-victims-balances-cve-2018-11411-ba9a320604f9", - "refsource" : "MISC", - "url" : "https://medium.com/@jonghyk.song/dimoncoin-fud-erc20-token-allows-attackers-to-steal-all-victims-balances-cve-2018-11411-ba9a320604f9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@jonghyk.song/dimoncoin-fud-erc20-token-allows-attackers-to-steal-all-victims-balances-cve-2018-11411-ba9a320604f9", + "refsource": "MISC", + "url": "https://medium.com/@jonghyk.song/dimoncoin-fud-erc20-token-allows-attackers-to-steal-all-victims-balances-cve-2018-11411-ba9a320604f9" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11880.json b/2018/11xxx/CVE-2018-11880.json index 653f1e25af8..4c4355dc708 100644 --- a/2018/11xxx/CVE-2018-11880.json +++ b/2018/11xxx/CVE-2018-11880.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 835, SD 845, SD 850, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11913.json b/2018/11xxx/CVE-2018-11913.json index 6d1d3e508e8..8f076ca7574 100644 --- a/2018/11xxx/CVE-2018-11913.json +++ b/2018/11xxx/CVE-2018-11913.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=7e10a2c815f02696824a6a146304a77d7d47fc43", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=7e10a2c815f02696824a6a146304a77d7d47fc43" - }, - { - "name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=e4d7a885bca8251517ada85545656bfe7a2e6834", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=e4d7a885bca8251517ada85545656bfe7a2e6834" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=e4d7a885bca8251517ada85545656bfe7a2e6834", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=e4d7a885bca8251517ada85545656bfe7a2e6834" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=7e10a2c815f02696824a6a146304a77d7d47fc43", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=7e10a2c815f02696824a6a146304a77d7d47fc43" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3366.json b/2018/3xxx/CVE-2018-3366.json index 12fd3b75d98..a65ebfb4327 100644 --- a/2018/3xxx/CVE-2018-3366.json +++ b/2018/3xxx/CVE-2018-3366.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3366", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3366", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3381.json b/2018/3xxx/CVE-2018-3381.json index 21bc4e50f13..eabe1cfec05 100644 --- a/2018/3xxx/CVE-2018-3381.json +++ b/2018/3xxx/CVE-2018-3381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3618.json b/2018/3xxx/CVE-2018-3618.json index baee8f87e4b..b3db819e7e4 100644 --- a/2018/3xxx/CVE-2018-3618.json +++ b/2018/3xxx/CVE-2018-3618.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3618", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3618", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7131.json b/2018/7xxx/CVE-2018-7131.json index 91edc77c08b..664af096af3 100644 --- a/2018/7xxx/CVE-2018-7131.json +++ b/2018/7xxx/CVE-2018-7131.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7131", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7131", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7138.json b/2018/7xxx/CVE-2018-7138.json index b6c5671f7e8..b20476044e2 100644 --- a/2018/7xxx/CVE-2018-7138.json +++ b/2018/7xxx/CVE-2018-7138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7569.json b/2018/7xxx/CVE-2018-7569.json index e04c1b9c030..477f89fb226 100644 --- a/2018/7xxx/CVE-2018-7569.json +++ b/2018/7xxx/CVE-2018-7569.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22895", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22895" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - }, - { - "name" : "RHSA-2018:3032", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3032", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3032" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22895", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22895" + }, + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7635.json b/2018/7xxx/CVE-2018-7635.json index 4b5402bb687..c8c53c8e379 100644 --- a/2018/7xxx/CVE-2018-7635.json +++ b/2018/7xxx/CVE-2018-7635.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cve.naver.com/detail/cve-2018-7635.html", - "refsource" : "MISC", - "url" : "https://cve.naver.com/detail/cve-2018-7635.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cve.naver.com/detail/cve-2018-7635.html", + "refsource": "MISC", + "url": "https://cve.naver.com/detail/cve-2018-7635.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7700.json b/2018/7xxx/CVE-2018-7700.json index b14c6f95458..6b636a228f6 100644 --- a/2018/7xxx/CVE-2018-7700.json +++ b/2018/7xxx/CVE-2018-7700.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/", - "refsource" : "MISC", - "url" : "https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/", + "refsource": "MISC", + "url": "https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8199.json b/2018/8xxx/CVE-2018-8199.json index 07570155112..35f19c2cb76 100644 --- a/2018/8xxx/CVE-2018-8199.json +++ b/2018/8xxx/CVE-2018-8199.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8199", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8199", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8256.json b/2018/8xxx/CVE-2018-8256.json index 1292fc7ae89..355f341345c 100644 --- a/2018/8xxx/CVE-2018-8256.json +++ b/2018/8xxx/CVE-2018-8256.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Microsoft.PowerShell.Archive", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.2.0" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "PowerShell Core", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka \"Microsoft PowerShell Remote Code Execution Vulnerability.\" This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft.PowerShell.Archive", + "version": { + "version_data": [ + { + "version_value": "1.2.2.0" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "PowerShell Core", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.1" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256" - }, - { - "name" : "105781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105781" - }, - { - "name" : "1042108", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka \"Microsoft PowerShell Remote Code Execution Vulnerability.\" This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042108", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042108" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256" + }, + { + "name": "105781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105781" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8285.json b/2018/8xxx/CVE-2018-8285.json index abd113b76c2..1e32a4f3955 100644 --- a/2018/8xxx/CVE-2018-8285.json +++ b/2018/8xxx/CVE-2018-8285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8808.json b/2018/8xxx/CVE-2018-8808.json index ba0aa46fc0c..60150b31db5 100644 --- a/2018/8xxx/CVE-2018-8808.json +++ b/2018/8xxx/CVE-2018-8808.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/issues/9725", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/9725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/9725", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/9725" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8877.json b/2018/8xxx/CVE-2018-8877.json index b4a053bcfcc..0b6d1c3b6f6 100644 --- a/2018/8xxx/CVE-2018-8877.json +++ b/2018/8xxx/CVE-2018-8877.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8877", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8877", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file