From 7a23eecb52894181760db6e92182f082e3b13f7e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:13:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0228.json | 140 ++++++------- 2002/0xxx/CVE-2002-0564.json | 160 +++++++-------- 2002/0xxx/CVE-2002-0627.json | 160 +++++++-------- 2002/0xxx/CVE-2002-0873.json | 130 ++++++------ 2002/1xxx/CVE-2002-1051.json | 180 ++++++++-------- 2002/2xxx/CVE-2002-2048.json | 130 ++++++------ 2002/2xxx/CVE-2002-2271.json | 130 ++++++------ 2005/0xxx/CVE-2005-0267.json | 140 ++++++------- 2005/0xxx/CVE-2005-0849.json | 140 ++++++------- 2005/1xxx/CVE-2005-1084.json | 120 +++++------ 2005/1xxx/CVE-2005-1508.json | 200 +++++++++--------- 2009/0xxx/CVE-2009-0520.json | 340 +++++++++++++++---------------- 2009/0xxx/CVE-2009-0702.json | 140 ++++++------- 2009/0xxx/CVE-2009-0705.json | 160 +++++++-------- 2009/1xxx/CVE-2009-1430.json | 230 ++++++++++----------- 2009/1xxx/CVE-2009-1528.json | 200 +++++++++--------- 2009/1xxx/CVE-2009-1620.json | 130 ++++++------ 2012/2xxx/CVE-2012-2412.json | 34 ++-- 2012/2xxx/CVE-2012-2493.json | 120 +++++------ 2012/3xxx/CVE-2012-3323.json | 170 ++++++++-------- 2012/4xxx/CVE-2012-4051.json | 140 ++++++------- 2012/4xxx/CVE-2012-4550.json | 150 +++++++------- 2012/4xxx/CVE-2012-4627.json | 34 ++-- 2012/4xxx/CVE-2012-4924.json | 170 ++++++++-------- 2012/6xxx/CVE-2012-6162.json | 34 ++-- 2012/6xxx/CVE-2012-6187.json | 34 ++-- 2012/6xxx/CVE-2012-6279.json | 34 ++-- 2012/6xxx/CVE-2012-6300.json | 34 ++-- 2017/2xxx/CVE-2017-2323.json | 130 ++++++------ 2017/2xxx/CVE-2017-2343.json | 196 +++++++++--------- 2017/2xxx/CVE-2017-2870.json | 132 ++++++------ 2017/2xxx/CVE-2017-2955.json | 140 ++++++------- 2017/6xxx/CVE-2017-6659.json | 140 ++++++------- 2018/11xxx/CVE-2018-11583.json | 120 +++++------ 2018/14xxx/CVE-2018-14023.json | 130 ++++++------ 2018/14xxx/CVE-2018-14116.json | 34 ++-- 2018/14xxx/CVE-2018-14265.json | 130 ++++++------ 2018/14xxx/CVE-2018-14569.json | 34 ++-- 2018/14xxx/CVE-2018-14759.json | 34 ++-- 2018/15xxx/CVE-2018-15223.json | 34 ++-- 2018/15xxx/CVE-2018-15542.json | 120 +++++------ 2018/15xxx/CVE-2018-15600.json | 34 ++-- 2018/15xxx/CVE-2018-15634.json | 34 ++-- 2018/15xxx/CVE-2018-15703.json | 122 +++++------ 2018/20xxx/CVE-2018-20468.json | 34 ++-- 2018/8xxx/CVE-2018-8288.json | 362 ++++++++++++++++----------------- 2018/8xxx/CVE-2018-8979.json | 130 ++++++------ 47 files changed, 2937 insertions(+), 2937 deletions(-) diff --git a/2002/0xxx/CVE-2002-0228.json b/2002/0xxx/CVE-2002-0228.json index 4f52b2ce0c9..49fe3ff6a23 100644 --- a/2002/0xxx/CVE-2002-0228.json +++ b/2002/0xxx/CVE-2002-0228.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/254021" - }, - { - "name" : "msn-messenger-reveal-information(8084)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8084.php" - }, - { - "name" : "4028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/254021" + }, + { + "name": "msn-messenger-reveal-information(8084)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8084.php" + }, + { + "name": "4028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4028" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0564.json b/2002/0xxx/CVE-2002-0564.json index 7147899705f..d2691ee655b 100644 --- a/2002/0xxx/CVE-2002-0564.json +++ b/2002/0xxx/CVE-2002-0564.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020206 Hackproofing Oracle Application Server paper", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101301813117562&w=2" - }, - { - "name" : "VU#193523", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/193523" - }, - { - "name" : "CA-2002-08", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-08.html" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" - }, - { - "name" : "http://www.nextgenss.com/papers/hpoas.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpoas.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020206 Hackproofing Oracle Application Server paper", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101301813117562&w=2" + }, + { + "name": "CA-2002-08", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-08.html" + }, + { + "name": "http://www.nextgenss.com/papers/hpoas.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpoas.pdf" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" + }, + { + "name": "VU#193523", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/193523" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0627.json b/2002/0xxx/CVE-2002-0627.json index 6015964df73..272dbf7338a 100644 --- a/2002/0xxx/CVE-2002-0627.json +++ b/2002/0xxx/CVE-2002-0627.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products", - "refsource" : "ISS", - "url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089" - }, - { - "name" : "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf" - }, - { - "name" : "M-123", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/m-123.shtml" - }, - { - "name" : "viewstation-unicode-retrieve-password(9348)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9348.php" - }, - { - "name" : "5632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products", + "refsource": "ISS", + "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089" + }, + { + "name": "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf", + "refsource": "CONFIRM", + "url": "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf" + }, + { + "name": "M-123", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/m-123.shtml" + }, + { + "name": "viewstation-unicode-retrieve-password(9348)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9348.php" + }, + { + "name": "5632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5632" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0873.json b/2002/0xxx/CVE-2002-0873.json index 6f96f8cf791..f35db6d1273 100644 --- a/2002/0xxx/CVE-2002-0873.json +++ b/2002/0xxx/CVE-2002-0873.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-152", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-152" - }, - { - "name" : "l2tpd-vendor-field-bo(10460)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10460.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-152", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-152" + }, + { + "name": "l2tpd-vendor-field-bo(10460)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10460.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1051.json b/2002/1xxx/CVE-2002-1051.json index 72fa909e1d1..b19b1e195f2 100644 --- a/2002/1xxx/CVE-2002-1051.json +++ b/2002/1xxx/CVE-2002-1051.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020606 Format String bug in TrACESroute 6.0 GOLD", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html" - }, - { - "name" : "20020721 Nanog traceroute format string exploit.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102737546927749&w=2" - }, - { - "name" : "20020723 Re: Nanog traceroute format string exploit.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html" - }, - { - "name" : "20020724 Re: Nanog traceroute format string exploit.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102753136231920&w=2" - }, - { - "name" : "SuSE-SA:2000:041", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html" - }, - { - "name" : "4956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4956" - }, - { - "name" : "tracesroute-t-format-string(9291)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9291.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020606 Format String bug in TrACESroute 6.0 GOLD", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html" + }, + { + "name": "4956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4956" + }, + { + "name": "SuSE-SA:2000:041", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html" + }, + { + "name": "20020724 Re: Nanog traceroute format string exploit.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102753136231920&w=2" + }, + { + "name": "20020721 Nanog traceroute format string exploit.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102737546927749&w=2" + }, + { + "name": "20020723 Re: Nanog traceroute format string exploit.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html" + }, + { + "name": "tracesroute-t-format-string(9291)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9291.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2048.json b/2002/2xxx/CVE-2002-2048.json index b0e62a995a3..3bd332eb047 100644 --- a/2002/2xxx/CVE-2002-2048.json +++ b/2002/2xxx/CVE-2002-2048.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020604 PFinger Buffer Overflow Vulnerability.", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102321152215055&w=2" - }, - { - "name" : "pfinger-query-bo(9269)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9269.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020604 PFinger Buffer Overflow Vulnerability.", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102321152215055&w=2" + }, + { + "name": "pfinger-query-bo(9269)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9269.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2271.json b/2002/2xxx/CVE-2002-2271.json index f4cf44d79f4..4d6f3eb6bdc 100644 --- a/2002/2xxx/CVE-2002-2271.json +++ b/2002/2xxx/CVE-2002-2271.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/exploits/6G003156AE.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/6G003156AE.html" - }, - { - "name" : "bigfun-irc-dcc-dos(10757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bigfun-irc-dcc-dos(10757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10757" + }, + { + "name": "http://www.securiteam.com/exploits/6G003156AE.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/6G003156AE.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0267.json b/2005/0xxx/CVE-2005-0267.json index 5e859b12d02..ea99157b892 100644 --- a/2005/0xxx/CVE-2005-0267.json +++ b/2005/0xxx/CVE-2005-0267.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050102 Multiple Vulnerabilities in FlatNuke", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110477752916772&w=2" - }, - { - "name" : "12150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12150" - }, - { - "name" : "flatnuke-indexphp-gain-access(18741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12150" + }, + { + "name": "flatnuke-indexphp-gain-access(18741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18741" + }, + { + "name": "20050102 Multiple Vulnerabilities in FlatNuke", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110477752916772&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0849.json b/2005/0xxx/CVE-2005-0849.json index 6a268290d9d..6a144198344 100644 --- a/2005/0xxx/CVE-2005-0849.json +++ b/2005/0xxx/CVE-2005-0849.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/funlabsboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/funlabsboom-adv.txt" - }, - { - "name" : "1013492", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013492" - }, - { - "name" : "14638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14638" + }, + { + "name": "http://aluigi.altervista.org/adv/funlabsboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/funlabsboom-adv.txt" + }, + { + "name": "1013492", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013492" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1084.json b/2005/1xxx/CVE-2005-1084.json index 86e04097a34..878768e33ae 100644 --- a/2005/1xxx/CVE-2005-1084.json +++ b/2005/1xxx/CVE-2005-1084.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14913" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1508.json b/2005/1xxx/CVE-2005-1508.json index 49ac7965d5d..84fee2bad39 100644 --- a/2005/1xxx/CVE-2005-1508.json +++ b/2005/1xxx/CVE-2005-1508.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111565808024581&w=2" - }, - { - "name" : "ADV-2005-0503", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0503" - }, - { - "name" : "16228", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16228" - }, - { - "name" : "16229", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16229" - }, - { - "name" : "16230", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16230" - }, - { - "name" : "16231", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16231" - }, - { - "name" : "16232", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16232" - }, - { - "name" : "15315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15315" - }, - { - "name" : "pwsphp-mulitple-scripts-xss(20500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16232", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16232" + }, + { + "name": "pwsphp-mulitple-scripts-xss(20500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20500" + }, + { + "name": "16228", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16228" + }, + { + "name": "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111565808024581&w=2" + }, + { + "name": "16229", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16229" + }, + { + "name": "ADV-2005-0503", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0503" + }, + { + "name": "15315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15315" + }, + { + "name": "16231", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16231" + }, + { + "name": "16230", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16230" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0520.json b/2009/0xxx/CVE-2009-0520.json index b752253f0b5..3cd1affa771 100644 --- a/2009/0xxx/CVE-2009-0520.json +++ b/2009/0xxx/CVE-2009-0520.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090224 Adobe Flash Player Invalid Object Reference Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=5929", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=5929" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487142", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487142" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "GLSA-200903-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" - }, - { - "name" : "RHSA-2009:0332", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0332.html" - }, - { - "name" : "RHSA-2009:0334", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0334.html" - }, - { - "name" : "254909", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "33880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33880" - }, - { - "name" : "oval:org.mitre.oval:def:6593", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" - }, - { - "name" : "oval:org.mitre.oval:def:16057", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" - }, - { - "name" : "1021750", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021750" - }, - { - "name" : "34012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34012" - }, - { - "name" : "34293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34293" - }, - { - "name" : "34226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34226" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2009-0513", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0513" - }, - { - "name" : "ADV-2009-0743", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0743" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "flash-invalid-object-bo(48887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://isc.sans.org/diary.html?storyid=5929", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=5929" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "RHSA-2009:0332", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html" + }, + { + "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "34226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34226" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:6593", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" + }, + { + "name": "flash-invalid-object-bo(48887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" + }, + { + "name": "ADV-2009-0743", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0743" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html" + }, + { + "name": "ADV-2009-0513", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0513" + }, + { + "name": "GLSA-200903-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "oval:org.mitre.oval:def:16057", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "33880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33880" + }, + { + "name": "1021750", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021750" + }, + { + "name": "34293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34293" + }, + { + "name": "254909", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" + }, + { + "name": "RHSA-2009:0334", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487142", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142" + }, + { + "name": "34012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34012" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0702.json b/2009/0xxx/CVE-2009-0702.json index b9bd7d1a85d..8ede57ba1d2 100644 --- a/2009/0xxx/CVE-2009-0702.json +++ b/2009/0xxx/CVE-2009-0702.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7670", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7670" - }, - { - "name" : "33114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33114" - }, - { - "name" : "ADV-2009-0026", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33114" + }, + { + "name": "7670", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7670" + }, + { + "name": "ADV-2009-0026", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0026" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0705.json b/2009/0xxx/CVE-2009-0705.json index d99eb038070..6f93ce3e401 100644 --- a/2009/0xxx/CVE-2009-0705.json +++ b/2009/0xxx/CVE-2009-0705.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7641", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7641" - }, - { - "name" : "33081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33081" - }, - { - "name" : "51110", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51110" - }, - { - "name" : "33363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33363" - }, - { - "name" : "powernews-news-sql-injection(47701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "powernews-news-sql-injection(47701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701" + }, + { + "name": "33081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33081" + }, + { + "name": "33363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33363" + }, + { + "name": "51110", + "refsource": "OSVDB", + "url": "http://osvdb.org/51110" + }, + { + "name": "7641", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7641" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1430.json b/2009/1xxx/CVE-2009-1430.json index ce80080ec3a..97aa2b3fc99 100644 --- a/2009/1xxx/CVE-2009-1430.json +++ b/2009/1xxx/CVE-2009-1430.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090428 ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503080/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-018/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-018/" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02" - }, - { - "name" : "34672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34672" - }, - { - "name" : "34674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34674" - }, - { - "name" : "1022130", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022130" - }, - { - "name" : "1022131", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022131" - }, - { - "name" : "1022132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022132" - }, - { - "name" : "34856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34856" - }, - { - "name" : "ADV-2009-1204", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1204" - }, - { - "name" : "symantec-iao-bo(50177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50177" - }, - { - "name" : "symantec-msgsys-bo(50178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1204", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1204" + }, + { + "name": "1022132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022132" + }, + { + "name": "20090428 ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503080/100/0/threaded" + }, + { + "name": "1022130", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022130" + }, + { + "name": "34674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34674" + }, + { + "name": "symantec-msgsys-bo(50178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50178" + }, + { + "name": "34672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34672" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02" + }, + { + "name": "symantec-iao-bo(50177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50177" + }, + { + "name": "34856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34856" + }, + { + "name": "1022131", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022131" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-018/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-018/" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1528.json b/2009/1xxx/CVE-2009-1528.json index 50f553ab5d0..c3782da6204 100644 --- a/2009/1xxx/CVE-2009-1528.json +++ b/2009/1xxx/CVE-2009-1528.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka \"HTML Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090610 ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504206/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-037", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-037" - }, - { - "name" : "MS09-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "35222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35222" - }, - { - "name" : "54947", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54947" - }, - { - "name" : "oval:org.mitre.oval:def:6260", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6260" - }, - { - "name" : "1022350", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022350" - }, - { - "name" : "ADV-2009-1538", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka \"HTML Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6260", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6260" + }, + { + "name": "ADV-2009-1538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1538" + }, + { + "name": "MS09-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" + }, + { + "name": "54947", + "refsource": "OSVDB", + "url": "http://osvdb.org/54947" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "1022350", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022350" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-037", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-037" + }, + { + "name": "20090610 ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504206/100/0/threaded" + }, + { + "name": "35222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35222" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1620.json b/2009/1xxx/CVE-2009-1620.json index 3b1a8891615..82db4efec56 100644 --- a/2009/1xxx/CVE-2009-1620.json +++ b/2009/1xxx/CVE-2009-1620.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090425 MataChat Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503014/100/0/threaded" - }, - { - "name" : "34722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090425 MataChat Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503014/100/0/threaded" + }, + { + "name": "34722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34722" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2412.json b/2012/2xxx/CVE-2012-2412.json index 9192a8fed5a..a0af71e6768 100644 --- a/2012/2xxx/CVE-2012-2412.json +++ b/2012/2xxx/CVE-2012-2412.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2412", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2412", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2493.json b/2012/2xxx/CVE-2012-2493.json index 1d257f9ae0b..b0261ca4a91 100644 --- a/2012/2xxx/CVE-2012-2493.json +++ b/2012/2xxx/CVE-2012-2493.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-2493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3323.json b/2012/3xxx/CVE-2012-3323.json index 5d66424ac27..61dfa6fce8c 100644 --- a/2012/3xxx/CVE-2012-3323.json +++ b/2012/3xxx/CVE-2012-3323.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" - }, - { - "name" : "IV23506", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" - }, - { - "name" : "97924", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97924" - }, - { - "name" : "55068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55068" - }, - { - "name" : "55070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55070" - }, - { - "name" : "maximo-cve20123323-priv-esc(77920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55070" + }, + { + "name": "97924", + "refsource": "OSVDB", + "url": "http://osvdb.org/97924" + }, + { + "name": "IV23506", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" + }, + { + "name": "55068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55068" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" + }, + { + "name": "maximo-cve20123323-priv-esc(77920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4051.json b/2012/4xxx/CVE-2012-4051.json index 16abb74848f..a4912c4a0f9 100644 --- a/2012/4xxx/CVE-2012-4051.json +++ b/2012/4xxx/CVE-2012-4051.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html", - "refsource" : "MISC", - "url" : "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html" - }, - { - "name" : "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf", - "refsource" : "CONFIRM", - "url" : "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf" - }, - { - "name" : "VU#555668", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/555668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#555668", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/555668" + }, + { + "name": "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html", + "refsource": "MISC", + "url": "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html" + }, + { + "name": "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf", + "refsource": "CONFIRM", + "url": "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4550.json b/2012/4xxx/CVE-2012-4550.json index c578804aa75..1cc00a338e4 100644 --- a/2012/4xxx/CVE-2012-4550.json +++ b/2012/4xxx/CVE-2012-4550.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2012:1591", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1591.html" - }, - { - "name" : "RHSA-2012:1592", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1592.html" - }, - { - "name" : "RHSA-2012:1594", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1594.html" - }, - { - "name" : "51607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" + }, + { + "name": "51607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51607" + }, + { + "name": "RHSA-2012:1592", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" + }, + { + "name": "RHSA-2012:1591", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4627.json b/2012/4xxx/CVE-2012-4627.json index eead9f2694c..f32381b946a 100644 --- a/2012/4xxx/CVE-2012-4627.json +++ b/2012/4xxx/CVE-2012-4627.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4627", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4627", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4924.json b/2012/4xxx/CVE-2012-4924.json index 1d63bb4a5e0..2be76a0cc20 100644 --- a/2012/4xxx/CVE-2012-4924.json +++ b/2012/4xxx/CVE-2012-4924.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18538", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18538" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=417", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=417" - }, - { - "name" : "52110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52110" - }, - { - "name" : "79438", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79438" - }, - { - "name" : "48125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48125" - }, - { - "name" : "net4switch-activex-bo(73384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48125" + }, + { + "name": "52110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52110" + }, + { + "name": "79438", + "refsource": "OSVDB", + "url": "http://osvdb.org/79438" + }, + { + "name": "net4switch-activex-bo(73384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384" + }, + { + "name": "18538", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18538" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=417", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=417" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6162.json b/2012/6xxx/CVE-2012-6162.json index 9936bc059e7..6ce0faf2fa0 100644 --- a/2012/6xxx/CVE-2012-6162.json +++ b/2012/6xxx/CVE-2012-6162.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6162", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6162", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6187.json b/2012/6xxx/CVE-2012-6187.json index c50fdd7b0eb..844050c020f 100644 --- a/2012/6xxx/CVE-2012-6187.json +++ b/2012/6xxx/CVE-2012-6187.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6187", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6187", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6279.json b/2012/6xxx/CVE-2012-6279.json index deae6d1a626..08f56fe36d6 100644 --- a/2012/6xxx/CVE-2012-6279.json +++ b/2012/6xxx/CVE-2012-6279.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6279", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6279", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6300.json b/2012/6xxx/CVE-2012-6300.json index 249f0b4b43c..614aea8c327 100644 --- a/2012/6xxx/CVE-2012-6300.json +++ b/2012/6xxx/CVE-2012-6300.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2323.json b/2017/2xxx/CVE-2017-2323.json index a7d383f6e0c..fe4ee63e533 100644 --- a/2017/2xxx/CVE-2017-2323.json +++ b/2017/2xxx/CVE-2017-2323.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NorthStar Controller Application", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.1.0 Service Pack 1" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "persistent denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NorthStar Controller Application", + "version": { + "version_data": [ + { + "version_value": "prior to version 2.1.0 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10783", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10783" - }, - { - "name" : "97600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "persistent denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10783", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10783" + }, + { + "name": "97600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97600" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2343.json b/2017/2xxx/CVE-2017-2343.json index dc979ebc79f..ad247afed08 100644 --- a/2017/2xxx/CVE-2017-2343.json +++ b/2017/2xxx/CVE-2017-2343.json @@ -1,100 +1,100 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-07-12T09:00", - "ID" : "CVE-2017-2343", - "STATE" : "PUBLIC", - "TITLE" : "SRX Series: Hardcoded credentials in Integrated UserFW feature." - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "SRX series", - "version_value" : "12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35" - }, - { - "platform" : "SRX series", - "version_value" : "15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of \"Status: Connected\" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue." - } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 10, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Hard-coded Credentials" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-07-12T09:00", + "ID": "CVE-2017-2343", + "STATE": "PUBLIC", + "TITLE": "SRX Series: Hardcoded credentials in Integrated UserFW feature." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "SRX series", + "version_value": "12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35" + }, + { + "platform": "SRX series", + "version_value": "15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10791", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10791" - }, - { - "name" : "1038904", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038904" - } - ] - }, - "solution" : "The following software releases have been updated to resolve this specific issue: 12.3X48-D35, 15.1X49-D50, and all subsequent releases.\n\nThis issue is being tracked as PR 1171966 and is visible on the Customer Support website.", - "work_around" : [ - { - "lang" : "eng", - "value" : "There is no workaround to completely mitigate the risk of this issue.\nCustomers may reduce the risk of exploitation of this issue by disabling the UserFW service on devices running the service until such time that a fix can be taken." - } - ] -} + } + }, + "configuration": [], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of \"Status: Connected\" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue." + } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10791", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10791" + }, + { + "name": "1038904", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038904" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: 12.3X48-D35, 15.1X49-D50, and all subsequent releases.\n\nThis issue is being tracked as PR 1171966 and is visible on the Customer Support website.", + "work_around": [ + { + "lang": "eng", + "value": "There is no workaround to completely mitigate the risk of this issue.\nCustomers may reduce the risk of exploitation of this issue by disabling the UserFW service on devices running the service until such time that a fix can be taken." + } + ] +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2870.json b/2017/2xxx/CVE-2017-2870.json index e0fe9689541..96d598e8340 100644 --- a/2017/2xxx/CVE-2017-2870.json +++ b/2017/2xxx/CVE-2017-2870.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-08-30T00:00:00", - "ID" : "CVE-2017-2870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gdk-Pixbuf", - "version" : { - "version_data" : [ - { - "version_value" : "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "GNOME" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-08-30T00:00:00", + "ID": "CVE-2017-2870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Gdk-Pixbuf", + "version": { + "version_data": [ + { + "version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6" + } + ] + } + } + ] + }, + "vendor_name": "GNOME" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377" - }, - { - "name" : "100541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100541" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2955.json b/2017/2xxx/CVE-2017-2955.json index 3fe2335b94e..b46f39d1e8c 100644 --- a/2017/2xxx/CVE-2017-2955.json +++ b/2017/2xxx/CVE-2017-2955.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95343" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + }, + { + "name": "95343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95343" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6659.json b/2017/6xxx/CVE-2017-6659.json index 64535f8256a..5603c758f0a 100644 --- a/2017/6xxx/CVE-2017-6659.json +++ b/2017/6xxx/CVE-2017-6659.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Assurance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Assurance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Assurance", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Assurance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca" - }, - { - "name" : "98970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98970" - }, - { - "name" : "1038633", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038633", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038633" + }, + { + "name": "98970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98970" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11583.json b/2018/11xxx/CVE-2018-11583.json index 18ac533711c..a033cfcd80e 100644 --- a/2018/11xxx/CVE-2018-11583.json +++ b/2018/11xxx/CVE-2018-11583.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12", - "refsource" : "MISC", - "url" : "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12", + "refsource": "MISC", + "url": "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14023.json b/2018/14xxx/CVE-2018-14023.json index 3a847781757..874dfd9424b 100644 --- a/2018/14xxx/CVE-2018-14023.json +++ b/2018/14xxx/CVE-2018-14023.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", - "refsource" : "MISC", - "url" : "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1" - }, - { - "name" : "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", + "refsource": "MISC", + "url": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1" + }, + { + "name": "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14116.json b/2018/14xxx/CVE-2018-14116.json index 9845b21f767..5e8bd1b2764 100644 --- a/2018/14xxx/CVE-2018-14116.json +++ b/2018/14xxx/CVE-2018-14116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14265.json b/2018/14xxx/CVE-2018-14265.json index 58246dc4742..b5ad0e250fc 100644 --- a/2018/14xxx/CVE-2018-14265.json +++ b/2018/14xxx/CVE-2018-14265.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-725", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-725" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-725", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-725" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14569.json b/2018/14xxx/CVE-2018-14569.json index acdcdb75605..8771a5e265e 100644 --- a/2018/14xxx/CVE-2018-14569.json +++ b/2018/14xxx/CVE-2018-14569.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14569", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14569", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14759.json b/2018/14xxx/CVE-2018-14759.json index ac15ad41748..0d4bf34d879 100644 --- a/2018/14xxx/CVE-2018-14759.json +++ b/2018/14xxx/CVE-2018-14759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14759", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14759", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15223.json b/2018/15xxx/CVE-2018-15223.json index d0d49d03c84..978c68438ec 100644 --- a/2018/15xxx/CVE-2018-15223.json +++ b/2018/15xxx/CVE-2018-15223.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15223", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15223", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15542.json b/2018/15xxx/CVE-2018-15542.json index fd2a9aa4dad..0e7a01e7646 100644 --- a/2018/15xxx/CVE-2018-15542.json +++ b/2018/15xxx/CVE-2018-15542.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d", - "refsource" : "MISC", - "url" : "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d", + "refsource": "MISC", + "url": "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15600.json b/2018/15xxx/CVE-2018-15600.json index 172768fcaba..478e607b5a6 100644 --- a/2018/15xxx/CVE-2018-15600.json +++ b/2018/15xxx/CVE-2018-15600.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15600", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15600", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15634.json b/2018/15xxx/CVE-2018-15634.json index 5d136ba07e5..78b97f99a4c 100644 --- a/2018/15xxx/CVE-2018-15634.json +++ b/2018/15xxx/CVE-2018-15634.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15634", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15634", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15703.json b/2018/15xxx/CVE-2018-15703.json index dcb9f23e705..e7bc1018b26 100644 --- a/2018/15xxx/CVE-2018-15703.json +++ b/2018/15xxx/CVE-2018-15703.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-10-18T00:00:00", - "ID" : "CVE-2018-15703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.2 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-10-18T00:00:00", + "ID": "CVE-2018-15703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "8.3.2 and below" + } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-33", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-33" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-33", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-33" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20468.json b/2018/20xxx/CVE-2018-20468.json index 77430decb1d..971c425ca2a 100644 --- a/2018/20xxx/CVE-2018-20468.json +++ b/2018/20xxx/CVE-2018-20468.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20468", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20468", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8288.json b/2018/8xxx/CVE-2018-8288.json index 8acae884f62..66d6498497c 100644 --- a/2018/8xxx/CVE-2018-8288.json +++ b/2018/8xxx/CVE-2018-8288.json @@ -1,183 +1,183 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45213", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45213/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288" - }, - { - "name" : "104636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104636" - }, - { - "name" : "1041256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041256" - }, - { - "name" : "1041258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45213", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45213/" + }, + { + "name": "1041256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041256" + }, + { + "name": "104636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104636" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288" + }, + { + "name": "1041258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041258" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8979.json b/2018/8xxx/CVE-2018-8979.json index 872372265e3..7a406f96211 100644 --- a/2018/8xxx/CVE-2018-8979.json +++ b/2018/8xxx/CVE-2018-8979.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44360", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44360/" - }, - { - "name" : "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html", - "refsource" : "MISC", - "url" : "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html", + "refsource": "MISC", + "url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html" + }, + { + "name": "44360", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44360/" + } + ] + } +} \ No newline at end of file