From 87eaefe46f31481eb03111ca596e5c881b0ee7d4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:50:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/1xxx/CVE-1999-1072.json | 120 ++++----- 1999/1xxx/CVE-1999-1209.json | 140 +++++----- 2000/0xxx/CVE-2000-0997.json | 140 +++++----- 2000/1xxx/CVE-2000-1115.json | 150 +++++------ 2000/1xxx/CVE-2000-1218.json | 130 ++++----- 2005/2xxx/CVE-2005-2080.json | 150 +++++------ 2005/2xxx/CVE-2005-2105.json | 150 +++++------ 2005/2xxx/CVE-2005-2124.json | 240 ++++++++--------- 2005/2xxx/CVE-2005-2248.json | 130 ++++----- 2005/2xxx/CVE-2005-2495.json | 500 +++++++++++++++++------------------ 2005/3xxx/CVE-2005-3045.json | 150 +++++------ 2005/3xxx/CVE-2005-3389.json | 450 +++++++++++++++---------------- 2005/3xxx/CVE-2005-3456.json | 160 +++++------ 2005/3xxx/CVE-2005-3785.json | 160 +++++------ 2005/3xxx/CVE-2005-3831.json | 190 ++++++------- 2005/4xxx/CVE-2005-4392.json | 170 ++++++------ 2005/4xxx/CVE-2005-4446.json | 130 ++++----- 2005/4xxx/CVE-2005-4673.json | 150 +++++------ 2009/2xxx/CVE-2009-2085.json | 150 +++++------ 2009/2xxx/CVE-2009-2382.json | 150 +++++------ 2009/2xxx/CVE-2009-2517.json | 140 +++++----- 2009/2xxx/CVE-2009-2620.json | 180 ++++++------- 2009/2xxx/CVE-2009-2779.json | 140 +++++----- 2009/2xxx/CVE-2009-2931.json | 160 +++++------ 2009/2xxx/CVE-2009-2961.json | 130 ++++----- 2009/3xxx/CVE-2009-3166.json | 160 +++++------ 2009/3xxx/CVE-2009-3527.json | 160 +++++------ 2009/3xxx/CVE-2009-3678.json | 250 +++++++++--------- 2009/3xxx/CVE-2009-3974.json | 130 ++++----- 2009/4xxx/CVE-2009-4111.json | 190 ++++++------- 2009/4xxx/CVE-2009-4708.json | 120 ++++----- 2009/4xxx/CVE-2009-4710.json | 140 +++++----- 2015/0xxx/CVE-2015-0538.json | 150 +++++------ 2015/0xxx/CVE-2015-0584.json | 130 ++++----- 2015/0xxx/CVE-2015-0630.json | 34 +-- 2015/0xxx/CVE-2015-0709.json | 130 ++++----- 2015/0xxx/CVE-2015-0853.json | 160 +++++------ 2015/1xxx/CVE-2015-1139.json | 150 +++++------ 2015/1xxx/CVE-2015-1294.json | 200 +++++++------- 2015/1xxx/CVE-2015-1730.json | 170 ++++++------ 2015/1xxx/CVE-2015-1895.json | 130 ++++----- 2015/4xxx/CVE-2015-4055.json | 34 +-- 2015/4xxx/CVE-2015-4438.json | 140 +++++----- 2015/4xxx/CVE-2015-4968.json | 34 +-- 2015/5xxx/CVE-2015-5409.json | 130 ++++----- 2018/2xxx/CVE-2018-2085.json | 34 +-- 2018/2xxx/CVE-2018-2240.json | 34 +-- 2018/3xxx/CVE-2018-3306.json | 34 +-- 2018/3xxx/CVE-2018-3498.json | 34 +-- 2018/3xxx/CVE-2018-3616.json | 172 ++++++------ 2018/6xxx/CVE-2018-6011.json | 120 ++++----- 2018/6xxx/CVE-2018-6017.json | 130 ++++----- 2018/6xxx/CVE-2018-6354.json | 120 ++++----- 2018/6xxx/CVE-2018-6726.json | 34 +-- 2018/7xxx/CVE-2018-7008.json | 34 +-- 2018/7xxx/CVE-2018-7327.json | 150 +++++------ 2018/7xxx/CVE-2018-7388.json | 34 +-- 2018/7xxx/CVE-2018-7913.json | 34 +-- 2018/8xxx/CVE-2018-8229.json | 230 ++++++++-------- 2018/8xxx/CVE-2018-8402.json | 34 +-- 60 files changed, 4215 insertions(+), 4215 deletions(-) diff --git a/1999/1xxx/CVE-1999-1072.json b/1999/1xxx/CVE-1999-1072.json index e9124ae4bc7..9a7a20e1241 100644 --- a/1999/1xxx/CVE-1999-1072.json +++ b/1999/1xxx/CVE-1999-1072.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19981130 Security bugs in Excite for Web Servers 1.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=91248445931140&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19981130 Security bugs in Excite for Web Servers 1.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=91248445931140&w=2" + } + ] + } +} \ No newline at end of file diff --git a/1999/1xxx/CVE-1999-1209.json b/1999/1xxx/CVE-1999-1209.json index 22f131fc554..03fc096965c 100644 --- a/1999/1xxx/CVE-1999-1209.json +++ b/1999/1xxx/CVE-1999-1209.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-1209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-1209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19971204 scoterm exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=88131151000069&w=2" - }, - { - "name" : "VB-97.14", - "refsource" : "CERT", - "url" : "http://www.cert.org/vendor_bulletins/VB-97.14.scoterm" - }, - { - "name" : "sco-scoterm(690)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VB-97.14", + "refsource": "CERT", + "url": "http://www.cert.org/vendor_bulletins/VB-97.14.scoterm" + }, + { + "name": "19971204 scoterm exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=88131151000069&w=2" + }, + { + "name": "sco-scoterm(690)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/690" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0997.json b/2000/0xxx/CVE-2000-0997.json index 71afb9267b3..167a9f4e05c 100644 --- a/2000/0xxx/CVE-2000-0997.json +++ b/2000/0xxx/CVE-2000-0997.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch", - "refsource" : "MISC", - "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch" - }, - { - "name" : "1752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1752" - }, - { - "name" : "bsd-eeprom-format(5337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bsd-eeprom-format(5337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5337" + }, + { + "name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch", + "refsource": "MISC", + "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch" + }, + { + "name": "1752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1752" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1115.json b/2000/1xxx/CVE-2000-1115.json index 9a6d9a2a8dd..6ef1b49b510 100644 --- a/2000/1xxx/CVE-2000-1115.json +++ b/2000/1xxx/CVE-2000-1115.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001122 602Pro Lan Suite Web Admin Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html" - }, - { - "name" : "http://www.software602.com/products/ls/support/newbuild.html", - "refsource" : "CONFIRM", - "url" : "http://www.software602.com/products/ls/support/newbuild.html" - }, - { - "name" : "1979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1979" - }, - { - "name" : "software602-lan-suite-bo(5583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "software602-lan-suite-bo(5583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5583" + }, + { + "name": "1979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1979" + }, + { + "name": "20001122 602Pro Lan Suite Web Admin Overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html" + }, + { + "name": "http://www.software602.com/products/ls/support/newbuild.html", + "refsource": "CONFIRM", + "url": "http://www.software602.com/products/ls/support/newbuild.html" + } + ] + } +} \ No newline at end of file diff --git a/2000/1xxx/CVE-2000-1218.json b/2000/1xxx/CVE-2000-1218.json index cc9b86b319b..32dbe12c8e7 100644 --- a/2000/1xxx/CVE-2000-1218.json +++ b/2000/1xxx/CVE-2000-1218.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-1218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-1218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#458659", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/458659" - }, - { - "name" : "win2k-dns-resolver(4280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win2k-dns-resolver(4280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4280" + }, + { + "name": "VU#458659", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/458659" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2080.json b/2005/2xxx/CVE-2005-2080.json index 1736cc627df..f46b8584090 100644 --- a/2005/2xxx/CVE-2005-2080.json +++ b/2005/2xxx/CVE-2005-2080.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seer.support.veritas.com/docs/276608.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/276608.htm" - }, - { - "name" : "http://seer.support.veritas.com/docs/277429.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/277429.htm" - }, - { - "name" : "14026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14026" - }, - { - "name" : "15789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14026" + }, + { + "name": "http://seer.support.veritas.com/docs/277429.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/277429.htm" + }, + { + "name": "http://seer.support.veritas.com/docs/276608.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/276608.htm" + }, + { + "name": "15789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15789" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2105.json b/2005/2xxx/CVE-2005-2105.json index e976f8a24a4..b96fb7d5b0e 100644 --- a/2005/2xxx/CVE-2005-2105.json +++ b/2005/2xxx/CVE-2005-2105.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050629 RADIUS Authentication Bypass", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5756", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5756" - }, - { - "name" : "1014330", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2005/Jun/1014330.html" - }, - { - "name" : "radius-authentication-bypass(21190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050629 RADIUS Authentication Bypass", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml" + }, + { + "name": "1014330", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2005/Jun/1014330.html" + }, + { + "name": "oval:org.mitre.oval:def:5756", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5756" + }, + { + "name": "radius-authentication-bypass(21190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21190" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2124.json b/2005/2xxx/CVE-2005-2124.json index dea4f764b02..f46406100e3 100644 --- a/2005/2xxx/CVE-2005-2124.json +++ b/2005/2xxx/CVE-2005-2124.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to \"An unchecked buffer\" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka \"Windows Metafile Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-2124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eeye.com/html/research/advisories/AD20051108b.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/advisories/AD20051108b.html" - }, - { - "name" : "http://www.eeye.com/html/research/advisories/AD20051108a.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/advisories/AD20051108a.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf" - }, - { - "name" : "MS05-053", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-053" - }, - { - "name" : "TA05-312A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-312A.html" - }, - { - "name" : "VU#433341", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/433341" - }, - { - "name" : "15356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15356" - }, - { - "name" : "ADV-2005-2348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2348" - }, - { - "name" : "1015168", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015168" - }, - { - "name" : "17498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17498" - }, - { - "name" : "17461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17461" - }, - { - "name" : "17223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17223" - }, - { - "name" : "161", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to \"An unchecked buffer\" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka \"Windows Metafile Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf" + }, + { + "name": "17461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17461" + }, + { + "name": "http://www.eeye.com/html/research/advisories/AD20051108a.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20051108a.html" + }, + { + "name": "161", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/161" + }, + { + "name": "ADV-2005-2348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2348" + }, + { + "name": "1015168", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015168" + }, + { + "name": "TA05-312A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-312A.html" + }, + { + "name": "17223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17223" + }, + { + "name": "17498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17498" + }, + { + "name": "MS05-053", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-053" + }, + { + "name": "15356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15356" + }, + { + "name": "http://www.eeye.com/html/research/advisories/AD20051108b.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20051108b.html" + }, + { + "name": "VU#433341", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/433341" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2248.json b/2005/2xxx/CVE-2005-2248.json index 27bb0256582..7afdaa38d71 100644 --- a/2005/2xxx/CVE-2005-2248.json +++ b/2005/2xxx/CVE-2005-2248.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14211" - }, - { - "name" : "16003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14211" + }, + { + "name": "16003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16003" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2495.json b/2005/2xxx/CVE-2005-2495.json index d3ba2de0033..84bf07c2ab9 100644 --- a/2005/2xxx/CVE-2005-2495.json +++ b/2005/2xxx/CVE-2005-2495.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-218.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-218.pdf" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-226.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-226.pdf" - }, - { - "name" : "DSA-816", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-816" - }, - { - "name" : "FLSA:168264-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427045/100/0/threaded" - }, - { - "name" : "FEDORA-2005-893", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/advisories/9285" - }, - { - "name" : "FEDORA-2005-894", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/advisories/9286" - }, - { - "name" : "GLSA-200509-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-07.xml" - }, - { - "name" : "HPSBUX02137", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/442163/100/0/threaded" - }, - { - "name" : "SSRT051024", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/442163/100/0/threaded" - }, - { - "name" : "MDKSA-2005:164", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:164" - }, - { - "name" : "RHSA-2005:501", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-501.html" - }, - { - "name" : "RHSA-2005:329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-329.html" - }, - { - "name" : "RHSA-2005:396", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-396.html" - }, - { - "name" : "SCOSA-2006.22", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22/SCOSA-2006.22.txt" - }, - { - "name" : "20060403-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" - }, - { - "name" : "101953", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101953-1" - }, - { - "name" : "101926", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101926-1" - }, - { - "name" : "SUSE-SA:2005:056", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_56_xserver.html" - }, - { - "name" : "SUSE-SR:2005:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_23_sr.html" - }, - { - "name" : "2005-0049", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=112690609622266&w=2" - }, - { - "name" : "USN-182-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-182-1/" - }, - { - "name" : "VU#102441", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/102441" - }, - { - "name" : "14807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14807" - }, - { - "name" : "oval:org.mitre.oval:def:9615", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9615" - }, - { - "name" : "ADV-2006-3140", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3140" - }, - { - "name" : "19352", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19352" - }, - { - "name" : "oval:org.mitre.oval:def:1044", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1044" - }, - { - "name" : "oval:org.mitre.oval:def:998", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A998" - }, - { - "name" : "1014887", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014887" - }, - { - "name" : "17044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17044" - }, - { - "name" : "17258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17258" - }, - { - "name" : "17278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17278" - }, - { - "name" : "17215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17215" - }, - { - "name" : "21318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21318" - }, - { - "name" : "16777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16777" - }, - { - "name" : "16790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16790" - }, - { - "name" : "19624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19624" - }, - { - "name" : "19796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19796" - }, - { - "name" : "xorg-pixmap-bo(22244)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17258" + }, + { + "name": "USN-182-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-182-1/" + }, + { + "name": "1014887", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014887" + }, + { + "name": "17044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17044" + }, + { + "name": "20060403-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" + }, + { + "name": "HPSBUX02137", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/442163/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:998", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A998" + }, + { + "name": "21318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21318" + }, + { + "name": "GLSA-200509-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-07.xml" + }, + { + "name": "17278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17278" + }, + { + "name": "RHSA-2005:329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-329.html" + }, + { + "name": "2005-0049", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=112690609622266&w=2" + }, + { + "name": "14807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14807" + }, + { + "name": "SCOSA-2006.22", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22/SCOSA-2006.22.txt" + }, + { + "name": "oval:org.mitre.oval:def:9615", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9615" + }, + { + "name": "SSRT051024", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/442163/100/0/threaded" + }, + { + "name": "ADV-2006-3140", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3140" + }, + { + "name": "oval:org.mitre.oval:def:1044", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1044" + }, + { + "name": "FEDORA-2005-894", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/advisories/9286" + }, + { + "name": "MDKSA-2005:164", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:164" + }, + { + "name": "RHSA-2005:501", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-501.html" + }, + { + "name": "VU#102441", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/102441" + }, + { + "name": "19624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19624" + }, + { + "name": "101953", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101953-1" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-218.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-218.pdf" + }, + { + "name": "FEDORA-2005-893", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/advisories/9285" + }, + { + "name": "RHSA-2005:396", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-396.html" + }, + { + "name": "SUSE-SA:2005:056", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_56_xserver.html" + }, + { + "name": "101926", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101926-1" + }, + { + "name": "FLSA:168264-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427045/100/0/threaded" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-226.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-226.pdf" + }, + { + "name": "16790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16790" + }, + { + "name": "16777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16777" + }, + { + "name": "19352", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19352" + }, + { + "name": "19796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19796" + }, + { + "name": "xorg-pixmap-bo(22244)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22244" + }, + { + "name": "17215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17215" + }, + { + "name": "DSA-816", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-816" + }, + { + "name": "SUSE-SR:2005:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3045.json b/2005/3xxx/CVE-2005-3045.json index 626719d4053..0a139990a6a 100644 --- a/2005/3xxx/CVE-2005-3045.json +++ b/2005/3xxx/CVE-2005-3045.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in My Little Forum 1.5 and 1.6 beta allows remote attackers to execute arbitrary SQL commands via the phrase field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050922 My Little Forum 1.5 / 1.6beta SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112741430006983&w=2" - }, - { - "name" : "http://rgod.altervista.org/mylittle15_16b.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/mylittle15_16b.html" - }, - { - "name" : "14908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14908" - }, - { - "name" : "16913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16913/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in My Little Forum 1.5 and 1.6 beta allows remote attackers to execute arbitrary SQL commands via the phrase field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rgod.altervista.org/mylittle15_16b.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/mylittle15_16b.html" + }, + { + "name": "16913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16913/" + }, + { + "name": "14908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14908" + }, + { + "name": "20050922 My Little Forum 1.5 / 1.6beta SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112741430006983&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3389.json b/2005/3xxx/CVE-2005-3389.json index cb2fc7caa43..403c4525558 100644 --- a/2005/3xxx/CVE-2005-3389.json +++ b/2005/3xxx/CVE-2005-3389.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051031 Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415291" - }, - { - "name" : "http://www.hardened-php.net/advisory_192005.78.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_192005.78.html" - }, - { - "name" : "http://www.php.net/release_4_4_1.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_4_4_1.php" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm" - }, - { - "name" : "FLSA:166943", - "refsource" : "FEDORA", - "url" : "http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html" - }, - { - "name" : "GLSA-200511-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" - }, - { - "name" : "HPSBMA02159", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "SSRT061238", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" - }, - { - "name" : "MDKSA-2005:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" - }, - { - "name" : "OpenPKG-SA-2005.027", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html" - }, - { - "name" : "RHSA-2005:831", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-831.html" - }, - { - "name" : "RHSA-2005:838", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-838.html" - }, - { - "name" : "RHSA-2006:0549", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0549.html" - }, - { - "name" : "SUSE-SA:2005:069", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/archive/1/419504/100/0/threaded" - }, - { - "name" : "SUSE-SR:2005:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_27_sr.html" - }, - { - "name" : "TLSA-2006-38", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" - }, - { - "name" : "USN-232-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-232-1/" - }, - { - "name" : "15249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15249" - }, - { - "name" : "oval:org.mitre.oval:def:11481", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11481" - }, - { - "name" : "ADV-2005-2254", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2254" - }, - { - "name" : "ADV-2006-4320", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4320" - }, - { - "name" : "1015131", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015131" - }, - { - "name" : "17371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17371" - }, - { - "name" : "18054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18054" - }, - { - "name" : "18198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18198" - }, - { - "name" : "17559", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17559" - }, - { - "name" : "17490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17490" - }, - { - "name" : "17510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17510" - }, - { - "name" : "17531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17531" - }, - { - "name" : "17557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17557" - }, - { - "name" : "18669", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18669" - }, - { - "name" : "21252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21252" - }, - { - "name" : "22691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22691" - }, - { - "name" : "134", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15249" + }, + { + "name": "21252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21252" + }, + { + "name": "22691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22691" + }, + { + "name": "134", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/134" + }, + { + "name": "MDKSA-2005:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:213" + }, + { + "name": "RHSA-2005:831", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-831.html" + }, + { + "name": "TLSA-2006-38", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm" + }, + { + "name": "18198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18198" + }, + { + "name": "SSRT061238", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "HPSBMA02159", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522" + }, + { + "name": "18054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18054" + }, + { + "name": "ADV-2005-2254", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2254" + }, + { + "name": "20051031 Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415291" + }, + { + "name": "1015131", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015131" + }, + { + "name": "http://www.hardened-php.net/advisory_192005.78.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_192005.78.html" + }, + { + "name": "17559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17559" + }, + { + "name": "FLSA:166943", + "refsource": "FEDORA", + "url": "http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html" + }, + { + "name": "17371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17371" + }, + { + "name": "ADV-2006-4320", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4320" + }, + { + "name": "RHSA-2006:0549", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html" + }, + { + "name": "17490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17490" + }, + { + "name": "SUSE-SA:2005:069", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/archive/1/419504/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:11481", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11481" + }, + { + "name": "http://www.php.net/release_4_4_1.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_4_4_1.php" + }, + { + "name": "17510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17510" + }, + { + "name": "17531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17531" + }, + { + "name": "OpenPKG-SA-2005.027", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html" + }, + { + "name": "18669", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18669" + }, + { + "name": "17557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17557" + }, + { + "name": "GLSA-200511-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml" + }, + { + "name": "USN-232-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-232-1/" + }, + { + "name": "RHSA-2005:838", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-838.html" + }, + { + "name": "SUSE-SR:2005:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3456.json b/2005/3xxx/CVE-2005-3456.json index 9b8a7973510..6ac17e5fcd8 100644 --- a/2005/3xxx/CVE-2005-3456.json +++ b/2005/3xxx/CVE-2005-3456.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3785.json b/2005/3xxx/CVE-2005-3785.json index 08ca306fcd8..20f30e76469 100644 --- a/2005/3xxx/CVE-2005-3785.json +++ b/2005/3xxx/CVE-2005-3785.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=112061", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=112061" - }, - { - "name" : "GLSA-200511-19", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-19.xml" - }, - { - "name" : "ADV-2005-2539", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2539" - }, - { - "name" : "15541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15541" - }, - { - "name" : "17699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17699" + }, + { + "name": "GLSA-200511-19", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-19.xml" + }, + { + "name": "ADV-2005-2539", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2539" + }, + { + "name": "15541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15541" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=112061", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=112061" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3831.json b/2005/3xxx/CVE-2005-3831.json index 55930be99f9..39b0eb5d2f5 100644 --- a/2005/3xxx/CVE-2005-3831.json +++ b/2005/3xxx/CVE-2005-3831.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051124 Secunia Research: SpeedProject Products ZIP/UUE File ExtractionBuffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417588/30/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-60/advisory", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-60/advisory" - }, - { - "name" : "ADV-2005-2570", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2570" - }, - { - "name" : "21073", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21073" - }, - { - "name" : "1015265", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015265" - }, - { - "name" : "1015266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015266" - }, - { - "name" : "1015267", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015267" - }, - { - "name" : "17420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2005-60/advisory", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-60/advisory" + }, + { + "name": "1015265", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015265" + }, + { + "name": "ADV-2005-2570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2570" + }, + { + "name": "1015267", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015267" + }, + { + "name": "20051124 Secunia Research: SpeedProject Products ZIP/UUE File ExtractionBuffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417588/30/0/threaded" + }, + { + "name": "21073", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21073" + }, + { + "name": "17420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17420" + }, + { + "name": "1015266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015266" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4392.json b/2005/4xxx/CVE-2005-4392.json index c9afc09ace6..8c6d7b7ae3c 100644 --- a/2005/4xxx/CVE-2005-4392.json +++ b/2005/4xxx/CVE-2005-4392.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html" - }, - { - "name" : "15964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15964" - }, - { - "name" : "ADV-2005-2983", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2983" - }, - { - "name" : "21881", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21881" - }, - { - "name" : "18140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18140" - }, - { - "name" : "epublish-printerfriendly-sql-injection(23827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "epublish-printerfriendly-sql-injection(23827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23827" + }, + { + "name": "18140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18140" + }, + { + "name": "ADV-2005-2983", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2983" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html" + }, + { + "name": "21881", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21881" + }, + { + "name": "15964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15964" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4446.json b/2005/4xxx/CVE-2005-4446.json index 8aa3bc774f4..323e7879c39 100644 --- a/2005/4xxx/CVE-2005-4446.json +++ b/2005/4xxx/CVE-2005-4446.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15991" - }, - { - "name" : "18132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15991" + }, + { + "name": "18132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18132" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4673.json b/2005/4xxx/CVE-2005-4673.json index 39ac24d2069..f925adf35ed 100644 --- a/2005/4xxx/CVE-2005-4673.json +++ b/2005/4xxx/CVE-2005-4673.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.critical.lt/?vulnerabilities/119", - "refsource" : "MISC", - "url" : "http://www.critical.lt/?vulnerabilities/119" - }, - { - "name" : "http://www.security.nnov.ru/Kdocument79.html", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/Kdocument79.html" - }, - { - "name" : "15253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15253" - }, - { - "name" : "22709", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security.nnov.ru/Kdocument79.html", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/Kdocument79.html" + }, + { + "name": "15253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15253" + }, + { + "name": "22709", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22709" + }, + { + "name": "http://www.critical.lt/?vulnerabilities/119", + "refsource": "MISC", + "url": "http://www.critical.lt/?vulnerabilities/119" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2085.json b/2009/2xxx/CVE-2009-2085.json index 322505ae268..381a57d2dcf 100644 --- a/2009/2xxx/CVE-2009-2085.json +++ b/2009/2xxx/CVE-2009-2085.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PK83097", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK83097" - }, - { - "name" : "was-csiv2-security-bypass(52076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "was-csiv2-security-bypass(52076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52076" + }, + { + "name": "PK83097", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK83097" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2382.json b/2009/2xxx/CVE-2009-2382.json index a2583b4399c..961b2fbf3a7 100644 --- a/2009/2xxx/CVE-2009-2382.json +++ b/2009/2xxx/CVE-2009-2382.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9053", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9053" - }, - { - "name" : "55505", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55505" - }, - { - "name" : "35660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35660" - }, - { - "name" : "phpmyblockchecker-phpmybcadmin-auth-bypass(51445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmyblockchecker-phpmybcadmin-auth-bypass(51445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51445" + }, + { + "name": "9053", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9053" + }, + { + "name": "55505", + "refsource": "OSVDB", + "url": "http://osvdb.org/55505" + }, + { + "name": "35660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35660" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2517.json b/2009/2xxx/CVE-2009-2517.json index 06620f55db0..88d6f12238e 100644 --- a/2009/2xxx/CVE-2009-2517.json +++ b/2009/2xxx/CVE-2009-2517.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka \"Windows Kernel Exception Handler Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-058" - }, - { - "name" : "TA09-286A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6512", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka \"Windows Kernel Exception Handler Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS09-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-058" + }, + { + "name": "oval:org.mitre.oval:def:6512", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6512" + }, + { + "name": "TA09-286A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2620.json b/2009/2xxx/CVE-2009-2620.json index 61ad846ce12..5a46b4d87ab 100644 --- a/2009/2xxx/CVE-2009-2620.json +++ b/2009/2xxx/CVE-2009-2620.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9295", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9295" - }, - { - "name" : "http://www.coresecurity.com/content/firebird-sql-dos", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/firebird-sql-dos" - }, - { - "name" : "http://tracker.firebirdsql.org/browse/CORE-2563", - "refsource" : "CONFIRM", - "url" : "http://tracker.firebirdsql.org/browse/CORE-2563" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=514463", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=514463" - }, - { - "name" : "FEDORA-2009-8317", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html" - }, - { - "name" : "FEDORA-2009-8340", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html" - }, - { - "name" : "35842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35842" + }, + { + "name": "FEDORA-2009-8317", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html" + }, + { + "name": "http://www.coresecurity.com/content/firebird-sql-dos", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/firebird-sql-dos" + }, + { + "name": "9295", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9295" + }, + { + "name": "FEDORA-2009-8340", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514463", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463" + }, + { + "name": "http://tracker.firebirdsql.org/browse/CORE-2563", + "refsource": "CONFIRM", + "url": "http://tracker.firebirdsql.org/browse/CORE-2563" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2779.json b/2009/2xxx/CVE-2009-2779.json index f8fc95e99c9..221f74f8544 100644 --- a/2009/2xxx/CVE-2009-2779.json +++ b/2009/2xxx/CVE-2009-2779.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0907-exploits/ajmatrixdna-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0907-exploits/ajmatrixdna-sql.txt" - }, - { - "name" : "56639", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56639" - }, - { - "name" : "36095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36095" + }, + { + "name": "56639", + "refsource": "OSVDB", + "url": "http://osvdb.org/56639" + }, + { + "name": "http://packetstormsecurity.org/0907-exploits/ajmatrixdna-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0907-exploits/ajmatrixdna-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2931.json b/2009/2xxx/CVE-2009-2931.json index 7363a2f163a..fe3a412f5a3 100644 --- a/2009/2xxx/CVE-2009-2931.json +++ b/2009/2xxx/CVE-2009-2931.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090806 [CSS09-01] SlideShowPro Director File Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505534/100/0/threaded" - }, - { - "name" : "http://www.clearskies.net/documents/css-advisory-css09001-sspdirector.pdf", - "refsource" : "MISC", - "url" : "http://www.clearskies.net/documents/css-advisory-css09001-sspdirector.pdf" - }, - { - "name" : "http://slideshowpro.net/news/archive/2009/07/director-139-fi.php", - "refsource" : "CONFIRM", - "url" : "http://slideshowpro.net/news/archive/2009/07/director-139-fi.php" - }, - { - "name" : "56825", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/56825" - }, - { - "name" : "36197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in p.php in SlideShowPro Director 1.1 through 1.3.8 allows remote attackers to read arbitrary files via directory traversal sequences in the a parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56825", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/56825" + }, + { + "name": "36197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36197" + }, + { + "name": "20090806 [CSS09-01] SlideShowPro Director File Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505534/100/0/threaded" + }, + { + "name": "http://slideshowpro.net/news/archive/2009/07/director-139-fi.php", + "refsource": "CONFIRM", + "url": "http://slideshowpro.net/news/archive/2009/07/director-139-fi.php" + }, + { + "name": "http://www.clearskies.net/documents/css-advisory-css09001-sspdirector.pdf", + "refsource": "MISC", + "url": "http://www.clearskies.net/documents/css-advisory-css09001-sspdirector.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2961.json b/2009/2xxx/CVE-2009-2961.json index 323c6900cd8..e7f8d721ab5 100644 --- a/2009/2xxx/CVE-2009-2961.json +++ b/2009/2xxx/CVE-2009-2961.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9467", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9467" - }, - { - "name" : "kolplayer-mp3-bo(52629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9467", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9467" + }, + { + "name": "kolplayer-mp3-bo(52629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52629" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3166.json b/2009/3xxx/CVE-2009-3166.json index ee8974cf267..9b4852e2d3c 100644 --- a/2009/3xxx/CVE-2009-3166.json +++ b/2009/3xxx/CVE-2009-3166.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.0.8/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.0.8/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508189", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508189" - }, - { - "name" : "36372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36372" - }, - { - "name" : "1022902", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022902" - }, - { - "name" : "36718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugzilla.org/security/3.0.8/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.0.8/" + }, + { + "name": "1022902", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022902" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=508189", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=508189" + }, + { + "name": "36372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36372" + }, + { + "name": "36718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36718" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3527.json b/2009/3xxx/CVE-2009-3527.json index 8fc24f8607e..30c69f67780 100644 --- a/2009/3xxx/CVE-2009-3527.json +++ b/2009/3xxx/CVE-2009-3527.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090913 Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506449" - }, - { - "name" : "FreeBSD-SA-09:13", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc" - }, - { - "name" : "36375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36375" - }, - { - "name" : "58544", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/58544" - }, - { - "name" : "1022982", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022982", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022982" + }, + { + "name": "FreeBSD-SA-09:13", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:13.pipe.asc" + }, + { + "name": "58544", + "refsource": "OSVDB", + "url": "http://osvdb.org/58544" + }, + { + "name": "20090913 Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506449" + }, + { + "name": "36375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36375" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3678.json b/2009/3xxx/CVE-2009-3678.json index d65f7465944..713e4bd9c60 100644 --- a/2009/3xxx/CVE-2009-3678.json +++ b/2009/3xxx/CVE-2009-3678.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using \"Browse with Irfanview\" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka \"Canonical Display Driver Integer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-3678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys", - "refsource" : "MISC", - "url" : "http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys" - }, - { - "name" : "http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html", - "refsource" : "MISC", - "url" : "http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html" - }, - { - "name" : "http://isc.sans.org/diary.html?storyid=8809", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.html?storyid=8809" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx" - }, - { - "name" : "http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/2028859.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/2028859.mspx" - }, - { - "name" : "MS10-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-043" - }, - { - "name" : "TA10-194A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-194A.html" - }, - { - "name" : "40237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40237" - }, - { - "name" : "64731", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64731" - }, - { - "name" : "oval:org.mitre.oval:def:7195", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7195" - }, - { - "name" : "39577", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39577" - }, - { - "name" : "ADV-2010-1178", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1178" - }, - { - "name" : "ms-win-irfanview-dos(58622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using \"Browse with Irfanview\" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka \"Canonical Display Driver Integer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.microsoft.com/technet/security/advisory/2028859.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/2028859.mspx" + }, + { + "name": "http://isc.sans.org/diary.html?storyid=8809", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.html?storyid=8809" + }, + { + "name": "64731", + "refsource": "OSVDB", + "url": "http://osvdb.org/64731" + }, + { + "name": "oval:org.mitre.oval:def:7195", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7195" + }, + { + "name": "http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys", + "refsource": "MISC", + "url": "http://en.irfanview-forum.de/vb/showthread.php?5647-V4-25-bluescreen-with-Windows-7-cdd-dll-win32k-sys" + }, + { + "name": "MS10-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-043" + }, + { + "name": "http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/srd/archive/2010/05/18/cdd-dll-vulnerability-difficult-to-exploit.aspx" + }, + { + "name": "ms-win-irfanview-dos(58622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58622" + }, + { + "name": "TA10-194A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2010/05/18/security-advisory-2028859-released.aspx" + }, + { + "name": "39577", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39577" + }, + { + "name": "40237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40237" + }, + { + "name": "ADV-2010-1178", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1178" + }, + { + "name": "http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html", + "refsource": "MISC", + "url": "http://pcandmactech.blogspot.com/2009/12/irfanview-and-bsod.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3974.json b/2009/3xxx/CVE-2009-3974.json index f30da613692..6330e98297b 100644 --- a/2009/3xxx/CVE-2009-3974.json +++ b/2009/3xxx/CVE-2009-3974.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forums.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/", - "refsource" : "CONFIRM", - "url" : "http://forums.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/" - }, - { - "name" : "ADV-2009-2413", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forums.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/", + "refsource": "CONFIRM", + "url": "http://forums.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/" + }, + { + "name": "ADV-2009-2413", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2413" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4111.json b/2009/4xxx/CVE-2009-4111.json index 19eb7129466..b460dacd569 100644 --- a/2009/4xxx/CVE-2009-4111.json +++ b/2009/4xxx/CVE-2009-4111.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091123 CVE request: Argument injections in multiple PEAR packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/23/8" - }, - { - "name" : "[oss-security] 20091128 Re: CVE request: Argument injections in multiple PEAR packages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/28/2" - }, - { - "name" : "http://pear.php.net/bugs/bug.php?id=16200", - "refsource" : "MISC", - "url" : "http://pear.php.net/bugs/bug.php?id=16200" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=294256", - "refsource" : "MISC", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=294256" - }, - { - "name" : "DSA-1938", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1938" - }, - { - "name" : "SUSE-SR:2010:020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" - }, - { - "name" : "37395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37395" - }, - { - "name" : "37458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2010:020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html" + }, + { + "name": "37458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37458" + }, + { + "name": "[oss-security] 20091123 CVE request: Argument injections in multiple PEAR packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/23/8" + }, + { + "name": "http://pear.php.net/bugs/bug.php?id=16200", + "refsource": "MISC", + "url": "http://pear.php.net/bugs/bug.php?id=16200" + }, + { + "name": "DSA-1938", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1938" + }, + { + "name": "[oss-security] 20091128 Re: CVE request: Argument injections in multiple PEAR packages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/28/2" + }, + { + "name": "37395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37395" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=294256", + "refsource": "MISC", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=294256" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4708.json b/2009/4xxx/CVE-2009-4708.json index 60997c8f49c..fbdec512c69 100644 --- a/2009/4xxx/CVE-2009-4708.json +++ b/2009/4xxx/CVE-2009-4708.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4710.json b/2009/4xxx/CVE-2009-4710.json index 16ae2c5cbb8..c4bd02e9fb9 100644 --- a/2009/4xxx/CVE-2009-4710.json +++ b/2009/4xxx/CVE-2009-4710.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" - }, - { - "name" : "35876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35876" - }, - { - "name" : "36084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35876" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" + }, + { + "name": "36084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36084" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0538.json b/2015/0xxx/CVE-2015-0538.json index 66364bb0af5..293fc4723f3 100644 --- a/2015/0xxx/CVE-2015-0538.json +++ b/2015/0xxx/CVE-2015-0538.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2015-0538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150504 ESA-2015-084: EMC AutoStart Packet Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2015/May/25" - }, - { - "name" : "http://packetstormsecurity.com/files/131749/EMC-AutoStart-5.4.3-5.5.0-Packet-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131749/EMC-AutoStart-5.4.3-5.5.0-Packet-Injection.html" - }, - { - "name" : "VU#581276", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/581276" - }, - { - "name" : "1032237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032237" + }, + { + "name": "http://packetstormsecurity.com/files/131749/EMC-AutoStart-5.4.3-5.5.0-Packet-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131749/EMC-AutoStart-5.4.3-5.5.0-Packet-Injection.html" + }, + { + "name": "20150504 ESA-2015-084: EMC AutoStart Packet Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2015/May/25" + }, + { + "name": "VU#581276", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/581276" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0584.json b/2015/0xxx/CVE-2015-0584.json index 396e529268a..ab33c8fab1f 100644 --- a/2015/0xxx/CVE-2015-0584.json +++ b/2015/0xxx/CVE-2015-0584.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150219 Cisco Collaboration Desk Experience Endpoints Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0584" - }, - { - "name" : "72696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72696" + }, + { + "name": "20150219 Cisco Collaboration Desk Experience Endpoints Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0584" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0630.json b/2015/0xxx/CVE-2015-0630.json index 06e78bd4526..c6fd35544aa 100644 --- a/2015/0xxx/CVE-2015-0630.json +++ b/2015/0xxx/CVE-2015-0630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0709.json b/2015/0xxx/CVE-2015-0709.json index a93803d0c8b..9bfc5b9519a 100644 --- a/2015/0xxx/CVE-2015-0709.json +++ b/2015/0xxx/CVE-2015-0709.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150428 Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38544" - }, - { - "name" : "1032211", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032211", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032211" + }, + { + "name": "20150428 Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38544" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0853.json b/2015/0xxx/CVE-2015-0853.json index c38d2432c60..f305bf552d7 100644 --- a/2015/0xxx/CVE-2015-0853.json +++ b/2015/0xxx/CVE-2015-0853.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the \"Command Shell\" menu item while in the directory trunk/$(xeyes)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-0853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150913 CVE-2015-0853: insecure use of os.system() in svn-workbench", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/09/13/3" - }, - { - "name" : "http://pysvn.tigris.org/issues/show_bug.cgi?id=202", - "refsource" : "MISC", - "url" : "http://pysvn.tigris.org/issues/show_bug.cgi?id=202" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798863", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798863" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/svn-workbench/+bug/1495268", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/svn-workbench/+bug/1495268" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1262928", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1262928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the \"Command Shell\" menu item while in the directory trunk/$(xeyes)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pysvn.tigris.org/issues/show_bug.cgi?id=202", + "refsource": "MISC", + "url": "http://pysvn.tigris.org/issues/show_bug.cgi?id=202" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/svn-workbench/+bug/1495268", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/svn-workbench/+bug/1495268" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262928", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262928" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798863", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798863" + }, + { + "name": "[oss-security] 20150913 CVE-2015-0853: insecure use of os.system() in svn-workbench", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/09/13/3" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1139.json b/2015/1xxx/CVE-2015-1139.json index f577270880f..b5f16ce840f 100644 --- a/2015/1xxx/CVE-2015-1139.json +++ b/2015/1xxx/CVE-2015-1139.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "73982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73982" - }, - { - "name" : "1032048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "73982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73982" + }, + { + "name": "1032048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032048" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1294.json b/2015/1xxx/CVE-2015-1294.json index d14051525f5..16448839720 100644 --- a/2015/1xxx/CVE-2015-1294.json +++ b/2015/1xxx/CVE-2015-1294.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=492263", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=492263" - }, - { - "name" : "https://codereview.chromium.org/1188433011/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1188433011/" - }, - { - "name" : "DSA-3351", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3351" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1712", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1712.html" - }, - { - "name" : "openSUSE-SU-2015:1873", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2015:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" - }, - { - "name" : "1033472", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2015:1873", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" + }, + { + "name": "RHSA-2015:1712", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1712.html" + }, + { + "name": "1033472", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033472" + }, + { + "name": "openSUSE-SU-2015:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=492263", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=492263" + }, + { + "name": "DSA-3351", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3351" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "https://codereview.chromium.org/1188433011/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1188433011/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1730.json b/2015/1xxx/CVE-2015-1730.json index 9d00ff7a5d3..d2beaefc19e 100644 --- a/2015/1xxx/CVE-2015-1730.json +++ b/2015/1xxx/CVE-2015-1730.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150701 Microsoft Internet Explorer \"JavascriptStackWalker\" Invalid Pointer Reference Vulnerability", - "refsource" : "IDEFENSE", - "url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1099" - }, - { - "name" : "40881", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/40881/" - }, - { - "name" : "http://blog.skylined.nl/20161206001.html", - "refsource" : "MISC", - "url" : "http://blog.skylined.nl/20161206001.html" - }, - { - "name" : "http://packetstormsecurity.com/files/140050/Microsoft-Internet-Explorer-9-jscript9-JavaScriptStackWalker-Memory-Corruption.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/140050/Microsoft-Internet-Explorer-9-jscript9-JavaScriptStackWalker-Memory-Corruption.html" - }, - { - "name" : "MS15-056", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" - }, - { - "name" : "1032521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-056", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" + }, + { + "name": "40881", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/40881/" + }, + { + "name": "http://blog.skylined.nl/20161206001.html", + "refsource": "MISC", + "url": "http://blog.skylined.nl/20161206001.html" + }, + { + "name": "20150701 Microsoft Internet Explorer \"JavascriptStackWalker\" Invalid Pointer Reference Vulnerability", + "refsource": "IDEFENSE", + "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1099" + }, + { + "name": "http://packetstormsecurity.com/files/140050/Microsoft-Internet-Explorer-9-jscript9-JavaScriptStackWalker-Memory-Corruption.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/140050/Microsoft-Internet-Explorer-9-jscript9-JavaScriptStackWalker-Memory-Corruption.html" + }, + { + "name": "1032521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032521" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1895.json b/2015/1xxx/CVE-2015-1895.json index bad2179f8d8..a7535c296c1 100644 --- a/2015/1xxx/CVE-2015-1895.json +++ b/2015/1xxx/CVE-2015-1895.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700768", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700768" - }, - { - "name" : "74442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74442" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4055.json b/2015/4xxx/CVE-2015-4055.json index c63e8aa98f0..4c59b019f5f 100644 --- a/2015/4xxx/CVE-2015-4055.json +++ b/2015/4xxx/CVE-2015-4055.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4055", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-4055", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4438.json b/2015/4xxx/CVE-2015-4438.json index 45906e8f1dd..8ba100f83d7 100644 --- a/2015/4xxx/CVE-2015-4438.json +++ b/2015/4xxx/CVE-2015-4438.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-4438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75737" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75737" + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4968.json b/2015/4xxx/CVE-2015-4968.json index 22d686f3a02..82cf06d1792 100644 --- a/2015/4xxx/CVE-2015-4968.json +++ b/2015/4xxx/CVE-2015-4968.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4968", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4968", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5409.json b/2015/5xxx/CVE-2015-5409.json index 47cf9ad941e..ba179039f59 100644 --- a/2015/5xxx/CVE-2015-5409.json +++ b/2015/5xxx/CVE-2015-5409.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115" - }, - { - "name" : "1033378", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033378", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033378" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765115" + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2085.json b/2018/2xxx/CVE-2018-2085.json index 237ae85dd24..01ad7df8907 100644 --- a/2018/2xxx/CVE-2018-2085.json +++ b/2018/2xxx/CVE-2018-2085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2085", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2085", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/2xxx/CVE-2018-2240.json b/2018/2xxx/CVE-2018-2240.json index d8d01ee5339..7156c6fd201 100644 --- a/2018/2xxx/CVE-2018-2240.json +++ b/2018/2xxx/CVE-2018-2240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-2240", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-2240", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3306.json b/2018/3xxx/CVE-2018-3306.json index 69c532cc5f2..5d4e5bbe044 100644 --- a/2018/3xxx/CVE-2018-3306.json +++ b/2018/3xxx/CVE-2018-3306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3498.json b/2018/3xxx/CVE-2018-3498.json index 405ccead3b4..b51b2027e15 100644 --- a/2018/3xxx/CVE-2018-3498.json +++ b/2018/3xxx/CVE-2018-3498.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3498", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3498", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3616.json b/2018/3xxx/CVE-2018-3616.json index ed9832b7a0c..b28049196f1 100644 --- a/2018/3xxx/CVE-2018-3616.json +++ b/2018/3xxx/CVE-2018-3616.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-3616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Active Management Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 12.0.5." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-3616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Active Management Technology", + "version": { + "version_data": [ + { + "version_value": "Versions before 12.0.5." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05" - }, - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180924-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180924-0003/" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf" - }, - { - "name" : "106996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05" + }, + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html" + }, + { + "name": "106996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106996" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180924-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180924-0003/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6011.json b/2018/6xxx/CVE-2018-6011.json index 059c1ca5d9e..6944be3a938 100644 --- a/2018/6xxx/CVE-2018-6011.json +++ b/2018/6xxx/CVE-2018-6011.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a \"Use of Password Hash Instead of Password for Authentication\" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger", - "refsource" : "MISC", - "url" : "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a \"Use of Password Hash Instead of Password for Authentication\" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger", + "refsource": "MISC", + "url": "http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6017.json b/2018/6xxx/CVE-2018-6017.json index b493480d385..d9d2ce145f7 100644 --- a/2018/6xxx/CVE-2018-6017.json +++ b/2018/6xxx/CVE-2018-6017.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/", - "refsource" : "MISC", - "url" : "https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/" - }, - { - "name" : "https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/", - "refsource" : "MISC", - "url" : "https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/", + "refsource": "MISC", + "url": "https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/" + }, + { + "name": "https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/", + "refsource": "MISC", + "url": "https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6354.json b/2018/6xxx/CVE-2018-6354.json index 7b8d79e4bd5..aa50d18fb97 100644 --- a/2018/6xxx/CVE-2018-6354.json +++ b/2018/6xxx/CVE-2018-6354.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/formspree/formspree/commit/5f18eeaaa459bee9a58f70cdf7c46adb1ef34ea7", - "refsource" : "MISC", - "url" : "https://github.com/formspree/formspree/commit/5f18eeaaa459bee9a58f70cdf7c46adb1ef34ea7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/formspree/formspree/commit/5f18eeaaa459bee9a58f70cdf7c46adb1ef34ea7", + "refsource": "MISC", + "url": "https://github.com/formspree/formspree/commit/5f18eeaaa459bee9a58f70cdf7c46adb1ef34ea7" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6726.json b/2018/6xxx/CVE-2018-6726.json index e8c7167b547..e2209d9edd1 100644 --- a/2018/6xxx/CVE-2018-6726.json +++ b/2018/6xxx/CVE-2018-6726.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7008.json b/2018/7xxx/CVE-2018-7008.json index 819fc455938..a14f3815c18 100644 --- a/2018/7xxx/CVE-2018-7008.json +++ b/2018/7xxx/CVE-2018-7008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7008", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7008", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7327.json b/2018/7xxx/CVE-2018-7327.json index 0d7533c8776..291007f9122 100644 --- a/2018/7xxx/CVE-2018-7327.json +++ b/2018/7xxx/CVE-2018-7327.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "name" : "103158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-06.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" + }, + { + "name": "103158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103158" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7388.json b/2018/7xxx/CVE-2018-7388.json index 4fff43f950f..b54a719f047 100644 --- a/2018/7xxx/CVE-2018-7388.json +++ b/2018/7xxx/CVE-2018-7388.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7388", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7388", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7913.json b/2018/7xxx/CVE-2018-7913.json index e574ded1101..c3c62805576 100644 --- a/2018/7xxx/CVE-2018-7913.json +++ b/2018/7xxx/CVE-2018-7913.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7913", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7913", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8229.json b/2018/8xxx/CVE-2018-8229.json index d2afab8f2d1..009aa83e287 100644 --- a/2018/8xxx/CVE-2018-8229.json +++ b/2018/8xxx/CVE-2018-8229.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45013", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45013/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229" - }, - { - "name" : "104369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104369" - }, - { - "name" : "1041097", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104369" + }, + { + "name": "45013", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45013/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229" + }, + { + "name": "1041097", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041097" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8402.json b/2018/8xxx/CVE-2018-8402.json index 4adb91e25ac..a1f6a06d5b9 100644 --- a/2018/8xxx/CVE-2018-8402.json +++ b/2018/8xxx/CVE-2018-8402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8402", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8402", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file