diff --git a/2002/2xxx/CVE-2002-2014.json b/2002/2xxx/CVE-2002-2014.json
index 8556d146f22..032fc7e8c1f 100644
--- a/2002/2xxx/CVE-2002-2014.json
+++ b/2002/2xxx/CVE-2002-2014.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020130 Enumerating users on a Domino webserver", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html" - }, - { - "name" : "20020131 Script for find domino", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html" - }, - { - "name" : "3991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3991" - }, - { - "name" : "lotus-domino-username-disclosure(8038)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8038.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3991" + }, + { + "name": "20020131 Script for find domino", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html" + }, + { + "name": "20020130 Enumerating users on a Domino webserver", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html" + }, + { + "name": "lotus-domino-username-disclosure(8038)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8038.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2172.json b/2002/2xxx/CVE-2002-2172.json index 1d6334b3a25..790c8aeeb0d 100644 --- a/2002/2xxx/CVE-2002-2172.json +++ b/2002/2xxx/CVE-2002-2172.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020925 Shana Informed 3.05 information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/293052" - }, - { - "name" : "http://www.cirt.net/advisories/shana.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/shana.shtml" - }, - { - "name" : "informed-document-information-disclosure(10192)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10192.php" - }, - { - "name" : "5795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Informed (1) Designer and 
(2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020925 Shana Informed 3.05 information disclosure", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/293052" + }, + { + "name": "informed-document-information-disclosure(10192)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10192.php" + }, + { + "name": "5795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5795" + }, + { + "name": "http://www.cirt.net/advisories/shana.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/shana.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0117.json b/2005/0xxx/CVE-2005-0117.json index 1fe2c8cdf2c..5fd5c879b93 100644 --- a/2005/0xxx/CVE-2005-0117.json +++ b/2005/0xxx/CVE-2005-0117.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289784", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289784" - }, - { - "name" : "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289784", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289784" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0215.json b/2005/0xxx/CVE-2005-0215.json index d0de710cec5..7d41435de35 100644 --- a/2005/0xxx/CVE-2005-0215.json +++ b/2005/0xxx/CVE-2005-0215.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050107 Mozilla XBM Image Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110512665029209&w=2" - }, - { - "name" : "mozilla-xbm-dos(18803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050107 Mozilla XBM Image Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110512665029209&w=2" + }, + { + "name": "mozilla-xbm-dos(18803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18803" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0348.json b/2005/0xxx/CVE-2005-0348.json index 4d2963e687e..cd456083f86 100644 --- a/2005/0xxx/CVE-2005-0348.json +++ b/2005/0xxx/CVE-2005-0348.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050208 Integer overflow and arbitrary files deletion in RealArcade", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110792779115794&w=2" - }, - { - "name" : "12494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12494" - }, - { - "name" : "1013128", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013128" - }, - { - "name" : "14187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14187/" - }, - { - "name" : "realarcade-rgp-file-deletion(19260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14187/" + }, + { + "name": "realarcade-rgp-file-deletion(19260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19260" + }, + { + "name": "1013128", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013128" + }, + { + "name": "12494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12494" + }, + { + "name": "20050208 Integer overflow and arbitrary files deletion in RealArcade", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110792779115794&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0704.json b/2005/0xxx/CVE-2005-0704.json index 2d4b71f9088..3c906440765 100644 --- a/2005/0xxx/CVE-2005-0704.json +++ b/2005/0xxx/CVE-2005-0704.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00018.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00018.html" - }, - { - "name" : "FLSA-2006:152922", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" - }, - { - "name" : "GLSA-200503-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml" - }, - { - "name" : "MDKSA-2005:053", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:053" - }, - { - "name" : "RHSA-2005:306", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-306.html" - }, - { - "name" : 
"12762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12762" - }, - { - "name" : "oval:org.mitre.oval:def:10447", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200503-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml" + }, + { + "name": "MDKSA-2005:053", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:053" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00018.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00018.html" + }, + { + "name": "RHSA-2005:306", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-306.html" + }, + { + "name": "oval:org.mitre.oval:def:10447", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10447" + }, + { + "name": "FLSA-2006:152922", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" + }, + { + "name": "12762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12762" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1173.json b/2005/1xxx/CVE-2005-1173.json index e1f114f3e93..167d038f366 100644 --- a/2005/1xxx/CVE-2005-1173.json 
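Review bot: The `ASSIGNER` value for CVE-2005-0704 changes from `cve@mitre.org` to `secalert@redhat.com` in a hunk that otherwise only normalises the spacing around `:` and reorders `reference_data`, so a change of record ownership is hidden inside formatting churn. The same change appears in the CVE-2005-1345 hunk, while the other records in this diff keep `cve@mitre.org`. Consumers that attribute or filter records by `ASSIGNER` will see these two entries move to a different assigner, so the reassignment should be confirmed as intended and either stated in the commit description or split into its own commit. The new side of each file also ends with `\ No newline at end of file`, which the old side did not.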
+++ b/2005/1xxx/CVE-2005-1173.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050418 ERNW Security Advisory 01/2005", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111384806002021&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050418 ERNW Security Advisory 01/2005", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111384806002021&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2005/1xxx/CVE-2005-1184.json b/2005/1xxx/CVE-2005-1184.json
index a1df59b2010..e8531d2a1d9 100644
--- a/2005/1xxx/CVE-2005-1184.json
+++ b/2005/1xxx/CVE-2005-1184.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of \"keep alive\" packets. NOTE: some followups indicate that this issue could not be replicated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050416 TCP/IP Stack Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Apr/0358.html" - }, - { - "name" : "20050418 Re: TCP/IP Stack Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Apr/0383.html" - }, - { - "name" : "20050418 Re: TCP/IP Stack Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Apr/0385.html" - }, - { - "name" : "13215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13215" - }, - { - "name" : 
"multiple-tcpip-dos(40502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of \"keep alive\" packets. NOTE: some followups indicate that this issue could not be replicated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050416 TCP/IP Stack Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0358.html" + }, + { + "name": "20050418 Re: TCP/IP Stack Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0385.html" + }, + { + "name": "13215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13215" + }, + { + "name": "20050418 Re: TCP/IP Stack Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0383.html" + }, + { + "name": "multiple-tcpip-dos(40502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40502" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1345.json b/2005/1xxx/CVE-2005-1345.json index 31832524f0e..0cd6898e486 100644 --- a/2005/1xxx/CVE-2005-1345.json +++ b/2005/1xxx/CVE-2005-1345.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error" - }, - { - "name" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255" - }, - { - "name" : "CLA-2005:948", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000948" - }, - { - "name" : "DSA-721", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-721" - }, - { - "name" : "FLSA-2006:152809", - "refsource" : "FEDORA", - "url" : 
"http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "RHSA-2005:415", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-415.html" - }, - { - "name" : "oval:org.mitre.oval:def:10513", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FLSA-2006:152809", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "CLA-2005:948", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000948" + }, + { + "name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=1255" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error" + }, + { + "name": "oval:org.mitre.oval:def:10513", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10513" + }, + { + "name": "RHSA-2005:415", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-415.html" + }, + { + "name": "DSA-721", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-721" + } + ] + } +} \ No 
newline at end of file diff --git a/2005/1xxx/CVE-2005-1422.json b/2005/1xxx/CVE-2005-1422.json index 0dadf1280dc..d83b1c84e44 100644 --- a/2005/1xxx/CVE-2005-1422.json +++ b/2005/1xxx/CVE-2005-1422.json 
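Review bot: The FEDORA reference `FLSA-2006:152809` keeps the URL `http://fedoranews.org/updates/FEDORA--.shtml`, which looks like a template with the advisory identifier left empty, so the link probably does not lead to the advisory named in `name`. The entry is carried over unchanged from the old side and only moved to the top of `reference_data`. Since this record is being rewritten anyway, the URL should be replaced with the advisory's real location or the entry flagged as a dead reference; the correct target cannot be determined from this diff.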
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt" - }, - { - "name" : "1013860", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013860", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013860" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1428.json b/2005/1xxx/CVE-2005-1428.json index a310f545dc3..92215a16393 100644 --- a/2005/1xxx/CVE-2005-1428.json +++ b/2005/1xxx/CVE-2005-1428.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013830", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013830" - }, - { - "name" : "uapplication-information-disclosure(20314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "uapplication-information-disclosure(20314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20314" + }, + { + "name": "1013830", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013830" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1546.json b/2005/1xxx/CVE-2005-1546.json index 36b22578b22..58c29013116 100644 --- a/2005/1xxx/CVE-2005-1546.json +++ b/2005/1xxx/CVE-2005-1546.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-743", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-743" - }, - { - "name" : "GLSA-200505-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200505-08.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200505-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-08.xml" + }, + { + "name": "DSA-743", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-743" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4295.json b/2005/4xxx/CVE-2005-4295.json index 6b52b119aea..61086771c28 100644 --- a/2005/4xxx/CVE-2005-4295.json +++ b/2005/4xxx/CVE-2005-4295.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18712" - }, - { - "name" : "ADV-2005-2922", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2922" - }, - { - "name" : "18065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18712" + }, + { + "name": "ADV-2005-2922", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2922" + }, + { + "name": "18065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18065" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4366.json b/2005/4xxx/CVE-2005-4366.json index 2432cfc7ca5..9078f6ca2fb 100644 --- a/2005/4xxx/CVE-2005-4366.json +++ b/2005/4xxx/CVE-2005-4366.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html" - }, - { - "name" : "15644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15644" - }, - { - "name" : "21179", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21179" - }, - { - "name" : "21180", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21180" - }, - { - "name" : "21181", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21181" - }, - { - "name" : "21182", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21182" - }, - { - "name" : "21183", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21183" - }, - { - "name" : "21184", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21184" - }, - { - "name" : "21185", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21185" - }, - { - "name" : "21186", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21186" - }, - { - "name" : "21187", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21187" - }, - { - "name" : "21188", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21188" - }, - { - "name" : "21189", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21189" - }, - { - "name" : "21190", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21190" - }, - { - "name" : "21191", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/21191" - }, - { - "name" : "21192", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21186", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21186" + }, + { + "name": "21183", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21183" + }, + { + "name": "21189", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21189" + }, + { + "name": "21187", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21187" + }, + { + "name": "21181", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21181" + }, + { + "name": "21180", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21180" + }, + { + "name": "21184", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21184" + }, + { + "name": "21188", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21188" + }, + { + "name": "21182", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21182" + }, + { + "name": "21179", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21179" + }, + { + "name": "21192", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21192" + }, + { + "name": "21190", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21190" + }, + { + "name": "21185", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21185" + }, + { + "name": "15644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15644" + }, + { + "name": "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html" + }, + { + "name": "21191", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21191" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4900.json b/2005/4xxx/CVE-2005-4900.json index 0d8fdd4abe8..ec7b07cde0d 100644 --- a/2005/4xxx/CVE-2005-4900.json +++ b/2005/4xxx/CVE-2005-4900.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ia.cr/2007/474", - "refsource" : "MISC", - "url" : "http://ia.cr/2007/474" - }, - { - "name" : "http://shattered.io/", - "refsource" : "MISC", - "url" : "http://shattered.io/" - }, - { - "name" : "http://www.cwi.nl/news/2017/cwi-and-google-announce-first-collision-industry-security-standard-sha-1", - "refsource" : "MISC", - "url" : "http://www.cwi.nl/news/2017/cwi-and-google-announce-first-collision-industry-security-standard-sha-1" - }, - { - "name" : "https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/", - 
"refsource" : "MISC", - "url" : "https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/" - }, - { - "name" : "https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html" - }, - { - "name" : "https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html" - }, - { - "name" : "https://sites.google.com/site/itstheshappening", - "refsource" : "MISC", - "url" : "https://sites.google.com/site/itstheshappening" - }, - { - "name" : "https://www.schneier.com/blog/archives/2005/02/sha1_broken.html", - "refsource" : "MISC", - "url" : "https://www.schneier.com/blog/archives/2005/02/sha1_broken.html" - }, - { - "name" : "https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html", - "refsource" : "MISC", - "url" : "https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html" - }, - { - "name" : "12577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sites.google.com/site/itstheshappening", + "refsource": "MISC", + "url": "https://sites.google.com/site/itstheshappening" + }, + { + "name": "12577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12577" + }, + { + "name": "http://shattered.io/", + "refsource": "MISC", + "url": "http://shattered.io/" + }, + { + "name": "https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html", + "refsource": "MISC", + "url": "https://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html" + }, + { + "name": "http://www.cwi.nl/news/2017/cwi-and-google-announce-first-collision-industry-security-standard-sha-1", + "refsource": "MISC", + "url": "http://www.cwi.nl/news/2017/cwi-and-google-announce-first-collision-industry-security-standard-sha-1" + }, + { + "name": "http://ia.cr/2007/474", + "refsource": "MISC", + "url": "http://ia.cr/2007/474" + }, + { + "name": "https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html" + }, + { + "name": "https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html" + }, + { + "name": "https://www.schneier.com/blog/archives/2005/02/sha1_broken.html", + "refsource": "MISC", + "url": "https://www.schneier.com/blog/archives/2005/02/sha1_broken.html" + }, + { + "name": "https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/", + "refsource": "MISC", + "url": "https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/0xxx/CVE-2009-0127.json b/2009/0xxx/CVE-2009-0127.json index 7216b9a24eb..cd208eafdc3 100644 --- a/2009/0xxx/CVE-2009-0127.json +++ b/2009/0xxx/CVE-2009-0127.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because \"these functions are not used anywhere in m2crypto.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/01/12/4" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=479676", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=479676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because \"these functions are not used anywhere in m2crypto.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=479676", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479676" + }, + { + "name": "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/01/12/4" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0385.json b/2009/0xxx/CVE-2009-0385.json index da2af7e4716..f1c1107a003 100644 --- a/2009/0xxx/CVE-2009-0385.json +++ b/2009/0xxx/CVE-2009-0385.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500514/100/0/threaded" - }, - { - "name" : "http://www.trapkit.de/advisories/TKADV2009-004.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2009-004.txt" - }, - { - "name" : "http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17", - "refsource" : "CONFIRM", - "url" : "http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17" - }, - { - "name" : 
"http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846", - "refsource" : "CONFIRM", - "url" : "http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846" - }, - { - "name" : "http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846", - "refsource" : "CONFIRM", - "url" : "http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846" - }, - { - "name" : "DSA-1781", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1781" - }, - { - "name" : "DSA-1782", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1782" - }, - { - "name" : "FEDORA-2009-3428", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html" - }, - { - "name" : "FEDORA-2009-3433", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html" - }, - { - "name" : "GLSA-200903-33", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200903-33.xml" - }, - { - "name" : "MDVSA-2009:297", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:297" - }, - { - "name" : "USN-734-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-734-1" - }, - { - "name" : "33502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33502" - }, - { - "name" : "34296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34296" - }, - { - "name" : "34385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34385" - }, - { - "name" : "34712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34712" - }, - { - "name" : "34905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34905" - }, - { - "name" : "34845", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34845" - }, - { - "name" : "ADV-2009-0277", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2009/0277" - }, - { - "name" : "51643", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51643" - }, - { - "name" : "33711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33711" - }, - { - "name" : "ffmpeg-fourxmreadheader-code-execution(48330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0277", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0277" + }, + { + "name": "http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846", + "refsource": "CONFIRM", + "url": "http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846" + }, + { + "name": "34845", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34845" + }, + { + "name": "33711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33711" + }, + { + "name": "33502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33502" + }, + { + "name": "DSA-1781", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1781" + }, + { + "name": "51643", + "refsource": "OSVDB", + "url": "http://osvdb.org/51643" + }, + { + "name": "USN-734-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-734-1" + }, + { 
+ "name": "34905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34905" + }, + { + "name": "DSA-1782", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1782" + }, + { + "name": "http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17", + "refsource": "CONFIRM", + "url": "http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17" + }, + { + "name": "FEDORA-2009-3428", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html" + }, + { + "name": "34385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34385" + }, + { + "name": "GLSA-200903-33", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml" + }, + { + "name": "MDVSA-2009:297", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:297" + }, + { + "name": "FEDORA-2009-3433", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html" + }, + { + "name": "ffmpeg-fourxmreadheader-code-execution(48330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48330" + }, + { + "name": "34296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34296" + }, + { + "name": "34712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34712" + }, + { + "name": "http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846", + "refsource": "CONFIRM", + "url": "http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846" + }, + { + "name": "http://www.trapkit.de/advisories/TKADV2009-004.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2009-004.txt" + }, + { + "name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded" + } + ] + } +} 
\ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0689.json b/2009/0xxx/CVE-2009-0689.json index 94fca7ce99b..042a7da7524 100644 --- a/2009/0xxx/CVE-2009-0689.json +++ b/2009/0xxx/CVE-2009-0689.json 
@@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-0689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/63" - }, - { - "name" : "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/72" - }, - { - "name" : "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/73" - }, - { - "name" : "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/71" - }, - { - "name" : "20091211 Sunbird 0.9 Array Overrun (code execution)", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/77" - }, - { - "name" : "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/78" - }, - { - "name" : "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/69" - }, - { - "name" : "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "SREASONRES", - "url" : 
"http://securityreason.com/achievement_securityalert/76" - }, - { - "name" : "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/75" - }, - { - "name" : "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/81" - }, - { - "name" : "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507977/100/0/threaded" - }, - { - "name" : "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507979/100/0/threaded" - }, - { - "name" : "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508423/100/0/threaded" - }, - { - "name" : "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508417/100/0/threaded" - }, - { - "name" : "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html" - }, - { - "name" : "http://secunia.com/secunia_research/2009-35/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-35/" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h" - }, - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html" - }, - { - "name" : 
"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c" - }, - { - "name" : "http://www.opera.com/support/kb/view/942/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/942/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516396", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516396" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516862", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516862" - }, - { - "name" : "http://support.apple.com/kb/HT4077", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4077" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2010-03-29-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "MDVSA-2009:294", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" - }, - { - "name" : "MDVSA-2009:330", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" - }, - { - "name" : "RHSA-2009:1601", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1601.html" - }, - { - "name" : "RHSA-2010:0153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html" - }, - { - "name" : "RHSA-2010:0154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html" - }, - { - "name" : "RHSA-2014:0311", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-0311.html" - }, - { - "name" : "RHSA-2014:0312", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0312.html" - }, - { - "name" : "272909", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "USN-915-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-915-1" - }, - { - "name" : "35510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35510" - }, - { - "name" : "oval:org.mitre.oval:def:6528", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528" - }, - { - "name" : "oval:org.mitre.oval:def:9541", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541" - }, - { - "name" : "1022478", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022478" - }, - { - "name" : "37431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37431" - }, - { - "name" : "37682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37682" - }, - { - "name" : "37683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37683" - }, - { - "name" : "38066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38066" - }, - { - "name" : "39001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39001" - }, - { - "name" : "38977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38977" - }, - { - "name" : "ADV-2009-3297", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2009/3297" - }, - { - "name" : "ADV-2009-3299", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3299" - }, - { - "name" : "ADV-2009-3334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3334" - }, - { - "name" : "ADV-2010-0094", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0094" - }, - { - "name" : "ADV-2010-0648", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0648" - }, - { - "name" : "ADV-2010-0650", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h" + }, + { + "name": "http://secunia.com/secunia_research/2009-35/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-35/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862" + }, + { + "name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/63" + }, + { + "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded" + }, + { + "name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/78" + }, + { + "name": "RHSA-2010:0153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" + }, + { + "name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/75" + }, + { + "name": "MDVSA-2009:330", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" + }, + { + "name": "39001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39001" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "20091120 K-Meleon 1.5.3 Remote 
Array Overrun (Arbitrary code execution)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/73" + }, + { + "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/72" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html" + }, + { + "name": "ADV-2010-0094", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0094" + }, + { + "name": "ADV-2010-0648", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0648" + }, + { + "name": "ADV-2010-0650", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0650" + }, + { + "name": "272909", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" + }, + { + "name": "ADV-2009-3299", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3299" + }, + { + "name": "RHSA-2009:1601", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html" + }, + { + "name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded" + }, + { + "name": "APPLE-SA-2010-03-29-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" + }, + { + "name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] 
mono security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "RHSA-2014:0312", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html" + }, + { + "name": "37683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37683" + }, + { + "name": "38977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38977" + }, + { + "name": "http://www.opera.com/support/kb/view/942/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/942/" + }, + { + "name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/69" + }, + { + "name": "RHSA-2010:0154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" + }, + { + "name": "http://support.apple.com/kb/HT4077", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4077" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396" + }, + { + "name": "oval:org.mitre.oval:def:6528", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528" + }, + { + "name": "37682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37682" + }, + { + "name": "oval:org.mitre.oval:def:9541", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541" + }, + { + "name": "38066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38066" + }, + { + "name": "USN-915-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/USN-915-1" + }, + { + "name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded" + }, + { + "name": "RHSA-2014:0311", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html" + }, + { + "name": "ADV-2009-3297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3297" + }, + { + "name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/76" + }, + { + "name": "37431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37431" + }, + { + "name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/81" + }, + { + "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/71" + }, + { + "name": "1022478", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022478" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c" + }, + { + "name": "ADV-2009-3334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3334" + }, + { + "name": "20091211 Sunbird 0.9 Array Overrun (code execution)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/77" + }, + { + "name": "MDVSA-2009:294", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" + 
}, + { + "name": "35510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35510" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0773.json b/2009/0xxx/CVE-2009-0773.json index 99609098bb0..243fd1a348f 100644 --- a/2009/0xxx/CVE-2009-0773.json +++ b/2009/0xxx/CVE-2009-0773.json 
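Review bot: The `CVE_data_meta.ASSIGNER` value changes from `cve@mitre.org` to `cert@cert.org` in this hunk, a provenance change buried in what otherwise looks like a key-spacing reformat. The CVE-2009-0773 and CVE-2009-0789 hunks do the same with `secalert@redhat.com`. Any consumer that filters or attributes records by assigner will see different data, so the reassignment should be stated in the commit message or split into its own commit. The `reference_data` entries are also reordered, and the unchanged 322-line count in the hunk header only suggests that none was dropped or added; comparing the sorted sets of `name`/`refsource`/`url` triples on both sides would confirm it. The new side ends with `\ No newline at end of file`, so a trailing newline should be restored to keep later diffs clean.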
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains \"some non-set elements,\" which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=457521", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=457521" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467499", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467499" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472787", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472787" - }, - { - "name" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm" - }, - { - "name" : "DSA-1751", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1751" - }, - { - "name" : "DSA-1830", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1830" - }, - { - "name" : 
"FEDORA-2009-3101", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" - }, - { - "name" : "MDVSA-2009:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075" - }, - { - "name" : "MDVSA-2009:083", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" - }, - { - "name" : "RHSA-2009:0315", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0315.html" - }, - { - "name" : "SSA:2009-083-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420" - }, - { - "name" : "SSA:2009-083-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952" - }, - { - "name" : "SUSE-SA:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html" - }, - { - "name" : "33990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33990" - }, - { - "name" : "oval:org.mitre.oval:def:10491", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10491" - }, - { - "name" : "oval:org.mitre.oval:def:5856", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5856" - }, - { - "name" : "oval:org.mitre.oval:def:5980", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5980" - }, - { - "name" : "oval:org.mitre.oval:def:6141", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6141" - }, - { - "name" : "oval:org.mitre.oval:def:6708", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6708" - }, - { - "name" : "1021795", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021795" - }, - { - "name" : "34145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34145" - }, - { - "name" : "34272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34272" - }, - { - "name" : "34383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34383" - }, - { - "name" : "34462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34462" - }, - { - "name" : "34464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34464" - }, - { - "name" : "34527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34527" - }, - { - "name" : "34140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34140" - }, - { - "name" : "ADV-2009-0632", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains \"some non-set elements,\" which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10491", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10491" + }, + { + "name": "RHSA-2009:0315", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html" + }, + { + "name": "SUSE-SA:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html" + }, + { + "name": "DSA-1830", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1830" + }, + { + "name": "oval:org.mitre.oval:def:6708", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6708" + }, + { + "name": "ADV-2009-0632", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0632" + }, + { + "name": "FEDORA-2009-3101", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html" + }, + { + "name": "DSA-1751", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1751" + }, + { + "name": "SSA:2009-083-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420" + }, + { + "name": "34140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34140" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html" + }, + { + "name": "oval:org.mitre.oval:def:5856", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5856" + }, + { + "name": "MDVSA-2009:083", + "refsource": 
"MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083" + }, + { + "name": "34464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34464" + }, + { + "name": "34272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34272" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=467499", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=467499" + }, + { + "name": "34527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34527" + }, + { + "name": "oval:org.mitre.oval:def:5980", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5980" + }, + { + "name": "34145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34145" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=457521", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=457521" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472787", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472787" + }, + { + "name": "SSA:2009-083-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952" + }, + { + "name": "34462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34462" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm" + }, + { + "name": "1021795", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021795" + }, + { + "name": "MDVSA-2009:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075" + }, + { + "name": "33990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33990" + }, + { + "name": "34383", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34383" + }, + { + "name": "oval:org.mitre.oval:def:6141", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6141" + }, + { + "name": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0789.json b/2009/0xxx/CVE-2009-0789.json index 880f3a8e1aa..45d7bd563bb 100644 --- a/2009/0xxx/CVE-2009-0789.json +++ b/2009/0xxx/CVE-2009-0789.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847" - }, - { - "name" : "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html", - "refsource" : "CONFIRM", - "url" : "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html" - }, - { - "name" : "http://www.openssl.org/news/secadv_20090325.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20090325.txt" - }, - { - "name" : 
"http://www.php.net/archive/2009.php#id2009-04-08-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2009.php#id2009-04-08-1" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA50", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA50" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "HPSBUX02435", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124464882609472&w=2" - }, - { - "name" : "SSRT090059", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124464882609472&w=2" - }, - { - "name" : "HPSBOV02540", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127678688104458&w=2" - }, - { - "name" : "NetBSD-SA2009-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "SUSE-SU-2011:0847", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" - }, - { - "name" : "openSUSE-SU-2011:0845", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" - }, - { - "name" : "34256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34256" - }, - { - "name" : "52866", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/52866" - }, - { - "name" : "1021906", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021906" - }, - { - "name" : "34411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34411" - }, - { - "name" : 
"34460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34460" - }, - { - "name" : "34666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34666" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "35380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35380" - }, - { - "name" : "35729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35729" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "42724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42724" - }, - { - "name" : "42733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42733" - }, - { - "name" : "ADV-2009-0850", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0850" - }, - { - "name" : "ADV-2009-1020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1020" - }, - { - "name" : "ADV-2009-1175", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1175" - }, - { - "name" : "ADV-2009-1548", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1548" - }, - { - "name" : "openssl-asn1-structure-dos(49433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090059", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124464882609472&w=2" + }, + { + "name": "ADV-2009-0850", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0850" + }, + { + "name": "ADV-2009-1175", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1175" + }, + { + "name": "42724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42724" + }, + { + "name": "SUSE-SU-2011:0847", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" + }, + { + "name": "52866", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/52866" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847" + }, + { + "name": "openSUSE-SU-2011:0845", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" + }, + { + "name": "34666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34666" + }, + { + "name": "HPSBUX02435", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124464882609472&w=2" + }, + { + "name": "ADV-2009-1020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1020" + }, + { + "name": "35729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35729" + }, + { + "name": "35380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35380" + }, + { + "name": "HPSBOV02540", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127678688104458&w=2" + }, + { + "name": "openssl-asn1-structure-dos(49433)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/49433" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "http://www.php.net/archive/2009.php#id2009-04-08-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2009.php#id2009-04-08-1" + }, + { + "name": "34411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34411" + }, + { + "name": "NetBSD-SA2009-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc" + }, + { + "name": "1021906", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021906" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html", + "refsource": "CONFIRM", + "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "http://www.openssl.org/news/secadv_20090325.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20090325.txt" + }, + { + "name": "ADV-2009-1548", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1548" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA50", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA50" + }, + { + "name": "34460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34460" + }, + { + "name": "34256", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/34256" + }, + { + "name": "42733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42733" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1055.json b/2009/1xxx/CVE-2009-1055.json index f413c42125d..240f048e825 100644 --- a/2009/1xxx/CVE-2009-1055.json +++ b/2009/1xxx/CVE-2009-1055.json 
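Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` at the top of the CVE-2009-0789 hunk is buried in what otherwise reads as a whitespace and reference-reordering pass. The CVE-2009-1975 hunk further down does the same with `secalert_us@oracle.com`. ASSIGNER is provenance metadata that consumers may use to attribute or filter records, so I would land `"ASSIGNER": "secalert@redhat.com",` and its Oracle counterpart in a separate commit that states the reason, or at least call them out in this commit's message. The `reference_data` entries are also re-emitted in an order that does not look sorted, which makes it hard to confirm from the diff that no reference was added or dropped; a stable sort (for example by `refsource`, then `name`) would keep future diffs reviewable. The new side also ends with `\ No newline at end of file`, which writing a trailing newline would avoid.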
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090317 Sitecore .NET 5.3.x - web service information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501929/100/0/threaded" - }, - { - "name" : "http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx", - "refsource" : "CONFIRM", - "url" : "http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx" - }, - { - "name" : "34162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34162" - }, - { - "name" : "34356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34356" - }, - 
{ - "name" : "ADV-2009-0753", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0753" - }, - { - "name" : "sitecore-web-service-info-disclosure(49298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090317 Sitecore .NET 5.3.x - web service information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501929/100/0/threaded" + }, + { + "name": "ADV-2009-0753", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0753" + }, + { + "name": "sitecore-web-service-info-disclosure(49298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49298" + }, + { + "name": "34162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34162" + }, + { + "name": "http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx", + "refsource": "CONFIRM", + "url": "http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx" + }, + { + "name": "34356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34356" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1074.json b/2009/1xxx/CVE-2009-1074.json index 0e44581f1af..c0a93b5edf5 100644 
--- a/2009/1xxx/CVE-2009-1074.json
+++ b/2009/1xxx/CVE-2009-1074.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to \"ssl termination devices\" and lack of support for relative URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1" - }, - { - "name" : "253267", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1" - }, - { - "name" : "34191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34191" - }, - { - "name" : "1021881", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021881" - }, - { - "name" : "34380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34380" - }, - { - "name" : "ADV-2009-0797", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to \"ssl termination devices\" and lack of support for relative URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "253267", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1" + }, + { + "name": "1021881", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021881" + }, + { + "name": "34191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34191" + }, + { + "name": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java" + }, + { + "name": "ADV-2009-0797", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0797" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1" + }, + { + "name": "34380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34380" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/1xxx/CVE-2009-1642.json b/2009/1xxx/CVE-2009-1642.json
index f0b46e8bf4a..a9185791c0d 100644
--- a/2009/1xxx/CVE-2009-1642.json
+++ b/2009/1xxx/CVE-2009-1642.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in \"prior to 3.1.3.7.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8629", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8629" - }, - { - "name" : "8630", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8630" - }, - { - "name" : "https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html" - }, - { - "name" : "34860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34860" - }, - { - "name" : "34864", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/34864" - }, - { - "name" : "asxmp3-ram-asxf-bo(50374)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in \"prior to 3.1.3.7.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34864" + }, + { + "name": "8630", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8630" + }, + { + "name": "34860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34860" + }, + { + "name": "asxmp3-ram-asxf-bo(50374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50374" + }, + { + "name": "https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html" + }, + { + "name": "8629", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8629" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1675.json b/2009/1xxx/CVE-2009-1675.json index ceb3655f8d6..7df56d6b5ae 100644 --- a/2009/1xxx/CVE-2009-1675.json +++ b/2009/1xxx/CVE-2009-1675.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8623", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8623" - }, - { - "name" : "34838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34838" - }, - { - "name" : "32bit-cwd-banner-bo(50337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50337" - }, - { - "name" : "32bit-pasv-bo(50644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 
reply to a PASV command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34838" + }, + { + "name": "32bit-cwd-banner-bo(50337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50337" + }, + { + "name": "32bit-pasv-bo(50644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50644" + }, + { + "name": "8623", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8623" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1975.json b/2009/1xxx/CVE-2009-1975.json index 0e83339ca64..7aef2ba4cf0 100644 --- a/2009/1xxx/CVE-2009-1975.json +++ b/2009/1xxx/CVE-2009-1975.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "35673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35673" - }, - { - "name" : "1022561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022561" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "ADV-2009-1900", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1900" - }, - { - "name" : "oracle-bea-wls-console-unspecified(51759)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "35673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35673" + }, + { + "name": "ADV-2009-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1900" + }, + { + "name": "1022561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022561" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "oracle-bea-wls-console-unspecified(51759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51759" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4476.json b/2009/4xxx/CVE-2009-4476.json index 2614613c21c..4bf939ae9bf 100644 --- a/2009/4xxx/CVE-2009-4476.json +++ b/2009/4xxx/CVE-2009-4476.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36241" - }, - { - "name" : "36512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code 
via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36241" + }, + { + "name": "36512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36512" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4655.json b/2009/4xxx/CVE-2009-4655.json index 41a31cb6e0c..936650dea4f 100644 --- a/2009/4xxx/CVE-2009-4655.json +++ b/2009/4xxx/CVE-2009-4655.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie" - }, - { - "name" : "http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb", - "refsource" : "MISC", - "url" : "http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb" - }, - { - "name" : "60035", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60035" - }, - { - "name" : "edirectory-dhost-session-hijacking(56613)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/56613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie", + "refsource": "MISC", + "url": "http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie" + }, + { + "name": "60035", + "refsource": "OSVDB", + "url": "http://osvdb.org/60035" + }, + { + "name": "edirectory-dhost-session-hijacking(56613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56613" + }, + { + "name": "http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb", + "refsource": "MISC", + "url": "http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4695.json b/2009/4xxx/CVE-2009-4695.json index 0ed7e66fc81..39c46ed8744 100644 --- a/2009/4xxx/CVE-2009-4695.json +++ b/2009/4xxx/CVE-2009-4695.json 
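Review bot: The `reference_data` array is reordered on the new side with no sort key apparent: the two metasploit.com `MISC` entries that used to be adjacent are now first and last, with the `OSVDB` and `XF` entries between them. If the order comes from unordered serialization, each regeneration can shuffle entries again and bury a real reference change in noise. Emitting the array in a fixed order, for example sorted by `refsource` then `name`, would keep these records reviewable. The sections for CVE-2009-4695, CVE-2012-3405, CVE-2012-6095 and CVE-2015-5314 show the same kind of reshuffle.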
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9195", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9195" - }, - { - "name" : "35730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35730" - }, - { - "name" : "55948", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55948" - }, - { - "name" : "35826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35826" - }, - { - "name" : "radlance-index-sql-injection(51834)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35826" + }, + { + "name": "55948", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55948" + }, + { + "name": "9195", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9195" + }, + { + "name": "radlance-index-sql-injection(51834)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51834" + }, + { + "name": "35730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35730" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4812.json b/2009/4xxx/CVE-2009-4812.json index ce38a27c3b0..1580e22465f 100644 --- a/2009/4xxx/CVE-2009-4812.json +++ b/2009/4xxx/CVE-2009-4812.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091223 XSS in WebMathematica", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0431.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091223 XSS in WebMathematica", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0431.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5106.json b/2009/5xxx/CVE-2009-5106.json index 90f4ac873ce..a356005cce0 100644 --- a/2009/5xxx/CVE-2009-5106.json +++ b/2009/5xxx/CVE-2009-5106.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5106", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5106", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2323.json b/2012/2xxx/CVE-2012-2323.json index 0d96076635c..657047d2bf3 100644 --- a/2012/2xxx/CVE-2012-2323.json +++ b/2012/2xxx/CVE-2012-2323.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2323", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2214. Reason: This candidate is a reservation duplicate of CVE-2012-2214. Notes: All CVE users should reference CVE-2012-2214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2323", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2214. Reason: This candidate is a reservation duplicate of CVE-2012-2214. Notes: All CVE users should reference CVE-2012-2214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2945.json b/2012/2xxx/CVE-2012-2945.json index fe16743daec..03df7162960 100644 --- a/2012/2xxx/CVE-2012-2945.json +++ b/2012/2xxx/CVE-2012-2945.json 
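Review bot: The key order on the new side of this REJECT record differs from the other records in the same change: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the PUBLIC and RESERVED records keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two layouts out of one reformat suggest two writers or templates, and that makes byte-level comparison or hashing of records unreliable. One key order should be used for every record state. CVE-2015-5193 has the same layout.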
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3405.json b/2012/3xxx/CVE-2012-3405.json index 154b355193f..678d516d5b2 100644 --- a/2012/3xxx/CVE-2012-3405.json +++ b/2012/3xxx/CVE-2012-3405.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers \"desynchronization within the buffer size handling,\" a different vulnerability than CVE-2012-3404." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/11/17" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=833704", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=833704" - }, - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=13446", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=13446" - }, - { - "name" : "GLSA-201503-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-04" - }, - { - "name" : "RHSA-2012:1098", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1098.html" - }, - { - "name" : "RHSA-2012:1200", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1200.html" - }, - { - "name" : "USN-1589-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1589-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service 
(segmentation fault and crash) via a format string with a large number of format specifiers that triggers \"desynchronization within the buffer size handling,\" a different vulnerability than CVE-2012-3404." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1200", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1200.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=833704", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833704" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=13446", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=13446" + }, + { + "name": "GLSA-201503-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-04" + }, + { + "name": "RHSA-2012:1098", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1098.html" + }, + { + "name": "USN-1589-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1589-1" + }, + { + "name": "[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/11/17" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6095.json b/2012/6xxx/CVE-2012-6095.json index 240ffec9844..f78d3e047af 100644 --- a/2012/6xxx/CVE-2012-6095.json +++ b/2012/6xxx/CVE-2012-6095.json 
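Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, a provenance change sitting inside what is otherwise a spacing and ordering rewrite. Consumers that attribute or filter records by assigner will see this record move, so the change deserves its own commit or an explicit line in the commit message (not visible here) rather than riding along with formatting. The line in question is `"ASSIGNER": "secalert@redhat.com",`. The same switch appears in CVE-2012-6095, CVE-2015-1847 and CVE-2015-5314.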
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130107 Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/07/3" - }, - { - "name" : "http://bugs.proftpd.org/show_bug.cgi?id=3841", - "refsource" : "CONFIRM", - "url" : "http://bugs.proftpd.org/show_bug.cgi?id=3841" - }, - { - "name" : "http://proftpd.org/docs/NEWS-1.3.5rc1", - "refsource" : "CONFIRM", - "url" : "http://proftpd.org/docs/NEWS-1.3.5rc1" - }, - { - "name" : "DSA-2606", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2606" - }, - { - "name" : "51823", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/51823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://proftpd.org/docs/NEWS-1.3.5rc1", + "refsource": "CONFIRM", + "url": "http://proftpd.org/docs/NEWS-1.3.5rc1" + }, + { + "name": "[oss-security] 20130107 Re: CVE Request -- proFTPD (X < 1.3.5.rc1): Symlink race condition when applying UserOwner to a newly (ProFTPD) created directory", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/07/3" + }, + { + "name": "http://bugs.proftpd.org/show_bug.cgi?id=3841", + "refsource": "CONFIRM", + "url": "http://bugs.proftpd.org/show_bug.cgi?id=3841" + }, + { + "name": "51823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51823" + }, + { + "name": "DSA-2606", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2606" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6592.json b/2012/6xxx/CVE-2012-6592.json index dfe631637b0..b83e7b81682 100644 --- a/2012/6xxx/CVE-2012-6592.json +++ b/2012/6xxx/CVE-2012-6592.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/3", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/3", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/3" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1529.json b/2015/1xxx/CVE-2015-1529.json index 2f6dda41820..f27fb171223 100644 --- a/2015/1xxx/CVE-2015-1529.json +++ b/2015/1xxx/CVE-2015-1529.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", - "refsource" : "MISC", - "url" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/b9096dc", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/b9096dc" - }, - { - "name" : "76663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in 
soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76663" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/b9096dc", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/b9096dc" + }, + { + "name": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf", + "refsource": "MISC", + "url": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1847.json b/2015/1xxx/CVE-2015-1847.json index 0adf8f3a941..9f768075a75 100644 --- a/2015/1xxx/CVE-2015-1847.json +++ b/2015/1xxx/CVE-2015-1847.json 
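Review bot: The description string carried over to the new side still reads "allows attacks to cause a denial of service", where "attacks" is presumably meant to be "attackers". Since the line is rewritten anyway, the value could become `"value": "Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attackers to cause a denial of service via unspecified vectors."`. The wording comes from the CVE record itself, so the correction may have to go through the assigner rather than this repository.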
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-1847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://appserver.io/security/2015/03/31/traversal-directory-vulnerability-in-webserver.html", - "refsource" : "CONFIRM", - "url" : "http://appserver.io/security/2015/03/31/traversal-directory-vulnerability-in-webserver.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://appserver.io/security/2015/03/31/traversal-directory-vulnerability-in-webserver.html", + "refsource": "CONFIRM", + "url": "http://appserver.io/security/2015/03/31/traversal-directory-vulnerability-in-webserver.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5193.json b/2015/5xxx/CVE-2015-5193.json index ef48a3ad6d4..06d39eb6f6f 100644 --- a/2015/5xxx/CVE-2015-5193.json +++ b/2015/5xxx/CVE-2015-5193.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5193", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5193", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5314.json b/2015/5xxx/CVE-2015-5314.json index b7af16dbe12..ff869fcb769 100644 
--- a/2015/5xxx/CVE-2015-5314.json +++ b/2015/5xxx/CVE-2015-5314.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/10" - }, - { - "name" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", - "refsource" : "CONFIRM", - "url" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt" - }, - { - "name" : "DSA-3397", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2015/dsa-3397" - }, - { - "name" : "USN-2808-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2808-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2808-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2808-1" + }, + { + "name": "DSA-3397", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2015/dsa-3397" + }, + { + "name": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", + "refsource": "CONFIRM", + "url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt" + }, + { + "name": "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/10/10" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5370.json b/2015/5xxx/CVE-2015-5370.json index 9b3d4b60881..23def428c70 100644 --- a/2015/5xxx/CVE-2015-5370.json +++ b/2015/5xxx/CVE-2015-5370.json 
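Review bot: The `CVE_data_meta` block at the top of the CVE-2015-5314 hunk changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, the only value change in a hunk that otherwise just reflows every line from `"key" : value` to `"key": value`. Because the whole file is rewritten, this change of the assigning party is easy to miss in review; it would be clearer as its own commit, or called out in the commit message, with `"ASSIGNER": "secalert@redhat.com"` as the single changed line. The `reference_data` array is also reordered here (and in the CVE-2015-5370 hunk that follows), which presumably does not matter to consumers that look entries up by `name` but does to any that read them by position or compare file hashes. The new side also ends with `\ No newline at end of file`, so the trailing newline the old file had is dropped.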
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://badlock.org/", - "refsource" : "MISC", - "url" : "http://badlock.org/" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2015-5370.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2015-5370.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "https://www.samba.org/samba/history/samba-4.2.10.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/history/samba-4.2.10.html" - }, - { - "name" : "https://bto.bluecoat.com/security-advisory/sa122", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa122" - }, - { - "name" : "https://www.samba.org/samba/latest_news.html#4.4.2", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/latest_news.html#4.4.2" - }, - { - "name" : "DSA-3548", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3548" - }, - { - "name" : "FEDORA-2016-383fce04e2", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html" - }, - { - "name" : "FEDORA-2016-48b3761baa", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html" - }, - { - "name" : "FEDORA-2016-be53260726", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html" - }, - { - "name" : "RHSA-2016:0611", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0611.html" - }, - { - "name" : "RHSA-2016:0613", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0613.html" - }, - { - "name" : "RHSA-2016:0614", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0614.html" - }, - { - "name" : "RHSA-2016:0618", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0618.html" - }, - { - "name" : "RHSA-2016:0619", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0619.html" - }, - { - "name" : "RHSA-2016:0620", - "refsource" : 
"REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0620.html" - }, - { - "name" : "RHSA-2016:0624", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0624.html" - }, - { - "name" : "RHSA-2016:0612", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0612.html" - }, - { - "name" : "SSA:2016-106-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012" - }, - { - "name" : "SUSE-SU-2016:1022", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html" - }, - { - "name" : "SUSE-SU-2016:1023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html" - }, - { - "name" : "SUSE-SU-2016:1024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html" - }, - { - "name" : "SUSE-SU-2016:1028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html" - }, - { - "name" : "openSUSE-SU-2016:1025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html" - }, - { - "name" : "openSUSE-SU-2016:1064", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "USN-2950-5", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-5" - }, - { - "name" : "USN-2950-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-3" - }, - { - "name" : "USN-2950-4", - "refsource" 
: "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-4" - }, - { - "name" : "USN-2950-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-1" - }, - { - "name" : "USN-2950-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2950-2" - }, - { - "name" : "1035533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2016-106-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012" + }, + { + "name": "SUSE-SU-2016:1022", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html" + }, + { + "name": "RHSA-2016:0612", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0612.html" + }, + { + "name": "USN-2950-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-1" + }, + { + "name": "SUSE-SU-2016:1028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html" + }, + { + "name": "RHSA-2016:0613", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0613.html" + }, + { + "name": "http://badlock.org/", + "refsource": "MISC", + "url": "http://badlock.org/" + 
}, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "openSUSE-SU-2016:1064", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" + }, + { + "name": "USN-2950-5", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-5" + }, + { + "name": "https://www.samba.org/samba/history/samba-4.2.10.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/history/samba-4.2.10.html" + }, + { + "name": "FEDORA-2016-be53260726", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html" + }, + { + "name": "RHSA-2016:0624", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0624.html" + }, + { + "name": "RHSA-2016:0618", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0618.html" + }, + { + "name": "SUSE-SU-2016:1024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html" + }, + { + "name": "SUSE-SU-2016:1023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html" + }, + { + "name": "https://www.samba.org/samba/latest_news.html#4.4.2", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/latest_news.html#4.4.2" + }, + { + "name": "1035533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035533" + }, + { + "name": "FEDORA-2016-48b3761baa", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html" + }, + { + "name": "RHSA-2016:0614", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0614.html" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2015-5370.html", + 
"refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2015-5370.html" + }, + { + "name": "openSUSE-SU-2016:1025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html" + }, + { + "name": "RHSA-2016:0620", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0620.html" + }, + { + "name": "RHSA-2016:0611", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0611.html" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa122", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa122" + }, + { + "name": "USN-2950-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-3" + }, + { + "name": "FEDORA-2016-383fce04e2", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "RHSA-2016:0619", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0619.html" + }, + { + "name": "DSA-3548", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3548" + }, + { + "name": "USN-2950-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399" + }, + { + "name": "USN-2950-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2950-4" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11191.json b/2018/11xxx/CVE-2018-11191.json index 857142c9d90..184847388d1 100644 --- a/2018/11xxx/CVE-2018-11191.json +++ b/2018/11xxx/CVE-2018-11191.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11457.json b/2018/11xxx/CVE-2018-11457.json index da18e148ee4..710ab8b73ba 100644 --- a/2018/11xxx/CVE-2018-11457.json +++ b/2018/11xxx/CVE-2018-11457.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-11457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", - "version" : { - "version_data" : [ - { - "version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" - }, - { - "version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" - }, - { - "version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122: Heap-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-11457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", + "version": { + "version_data": [ + { + "version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" + }, + { + "version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" + }, + { + "version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" - }, - { - "name" : "106185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. 
Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106185" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11570.json b/2018/11xxx/CVE-2018-11570.json index 88db96476a2..0f9abc7113e 100644 --- a/2018/11xxx/CVE-2018-11570.json +++ b/2018/11xxx/CVE-2018-11570.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11570", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11570", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11629.json b/2018/11xxx/CVE-2018-11629.json index bd074bd35e5..522513321bb 100644 --- a/2018/11xxx/CVE-2018-11629.json +++ b/2018/11xxx/CVE-2018-11629.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sadfud.me/explotos/CVE-2018-11629", - "refsource" : "MISC", - "url" : "http://sadfud.me/explotos/CVE-2018-11629" - }, - { - "name" : "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/", - "refsource" : "MISC", - "url" : "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Default and unremovable support credentials (user:lutron 
password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sadfud.me/explotos/CVE-2018-11629", + "refsource": "MISC", + "url": "http://sadfud.me/explotos/CVE-2018-11629" + }, + { + "name": "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/", + "refsource": "MISC", + "url": "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11697.json b/2018/11xxx/CVE-2018-11697.json index 256ae971fd7..3e8e1794d47 100644 --- a/2018/11xxx/CVE-2018-11697.json +++ b/2018/11xxx/CVE-2018-11697.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sass/libsass/issues/2656", - "refsource" : "MISC", - "url" : "https://github.com/sass/libsass/issues/2656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sass/libsass/issues/2656", + "refsource": "MISC", + "url": "https://github.com/sass/libsass/issues/2656" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15025.json b/2018/15xxx/CVE-2018-15025.json index 62e0f66970c..f31e2837ffa 100644 --- a/2018/15xxx/CVE-2018-15025.json +++ b/2018/15xxx/CVE-2018-15025.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15197.json b/2018/15xxx/CVE-2018-15197.json index 0c06e9212c1..630fdb23e7c 100644 --- a/2018/15xxx/CVE-2018-15197.json +++ b/2018/15xxx/CVE-2018-15197.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/liu21st/onethink/issues/36", - "refsource" : "MISC", - "url" : "https://github.com/liu21st/onethink/issues/36" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/liu21st/onethink/issues/36", + "refsource": "MISC", + "url": "https://github.com/liu21st/onethink/issues/36" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15611.json b/2018/15xxx/CVE-2018-15611.json index eb359b1de6c..b302a0ba3ce 100644 --- a/2018/15xxx/CVE-2018-15611.json +++ b/2018/15xxx/CVE-2018-15611.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "securityalerts@avaya.com", - "DATE_PUBLIC" : "2018-09-27T06:00:00.000Z", - "ID" : "CVE-2018-15611", - "STATE" : "PUBLIC", - "TITLE" : "Communication Manager Local Administrator PrivEsc" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Communication Manager", - "version" : { - "version_data" : [ - { - "affected" : "<=7.1.3.1", - "version_name" : "7.x", - "version_value" : "7.1.3.1" - }, - { - "affected" : "=6.3.x", - "version_name" : "6.3.x", - "version_value" : "6.3.x" - } - ] - } - } - ] - }, - "vendor_name" : "Avaya" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "HIGH", - "baseScore" : 6.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284: Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "DATE_PUBLIC": "2018-09-27T06:00:00.000Z", + "ID": "CVE-2018-15611", + "STATE": "PUBLIC", + "TITLE": "Communication Manager Local Administrator PrivEsc" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Communication Manager", + "version": { + "version_data": [ + { + "affected": "<=7.1.3.1", + "version_name": "7.x", + "version_value": "7.1.3.1" + }, + { + "affected": "=6.3.x", + "version_name": "6.3.x", + "version_value": "6.3.x" + } + ] + } + } + ] + }, + "vendor_name": "Avaya" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downloads.avaya.com/css/P8/documents/101052550", - "refsource" : "CONFIRM", - "url" : "https://downloads.avaya.com/css/P8/documents/101052550" - } - ] - }, - "source" : { - "advisory" : "ASA-2017-343" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downloads.avaya.com/css/P8/documents/101052550", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/101052550" + } + ] + }, + "source": { + "advisory": "ASA-2017-343" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15625.json b/2018/15xxx/CVE-2018-15625.json index 22160fafc38..4f8504ceb16 100644 --- a/2018/15xxx/CVE-2018-15625.json +++ b/2018/15xxx/CVE-2018-15625.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15625", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-15625", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15730.json b/2018/15xxx/CVE-2018-15730.json index 0a07949b400..31f6b39cdbe 100644 --- a/2018/15xxx/CVE-2018-15730.json +++ b/2018/15xxx/CVE-2018-15730.json 
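Review bot: The new side of this record puts `"data_type"`, `"data_format"` and `"data_version"` ahead of `"CVE_data_meta"` and lists `"ID"` before `"ASSIGNER"`, unlike the other records in this diff, which keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. Key order carries no meaning in JSON, but a record serialized differently from its neighbours produces spurious diffs and different bytes for anyone who hashes or signs the files. Writing this record with the same key order as the rest would keep the set uniform.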
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3101.json b/2018/3xxx/CVE-2018-3101.json index 4de50210233..440bf3d7169 100644 --- a/2018/3xxx/CVE-2018-3101.json +++ b/2018/3xxx/CVE-2018-3101.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Portal", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.9.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.9.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104820" - }, - { - "name" : "1041310", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104820" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1041310", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041310" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3391.json b/2018/3xxx/CVE-2018-3391.json index 9c8a0d87a60..379db5ec1bd 100644 --- a/2018/3xxx/CVE-2018-3391.json +++ b/2018/3xxx/CVE-2018-3391.json 
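Review bot: The `reference_data` array is reordered on the new side, so the BID entry `104820` now comes before the Oracle CONFIRM advisory that used to be first. JSON arrays are ordered, so a consumer that treats the first reference as the primary or vendor source would pick a different URL after this change; selecting by `"refsource": "CONFIRM"` rather than by position avoids that. If the order is not meant to carry meaning, emitting references in one stable order (for example sorted by `refsource`, then `name`) would keep such moves out of formatting commits. The same kind of reordering appears in the CVE-2018-8394 hunk.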
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3663.json b/2018/3xxx/CVE-2018-3663.json index ae7b3679223..aa9429f9d76 100644 --- a/2018/3xxx/CVE-2018-3663.json +++ b/2018/3xxx/CVE-2018-3663.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-06-26T00:00:00", - "ID" : "CVE-2018-3663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Saffron MemoryBase", - "version" : { - "version_data" : [ - { - "version_value" : "before version 11.4" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-06-26T00:00:00", + "ID": "CVE-2018-3663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Saffron MemoryBase", + "version": { + "version_data": [ + { + "version_value": "before version 11.4" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3753.json b/2018/3xxx/CVE-2018-3753.json index 348961a13e1..49989f4076b 100644 --- a/2018/3xxx/CVE-2018-3753.json +++ b/2018/3xxx/CVE-2018-3753.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-05-24T00:00:00", - "ID" : "CVE-2018-3753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-05-24T00:00:00", + "ID": "CVE-2018-3753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/310706", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/310706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. 
This can let an attacker add or modify existing properties that will exist on all objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/310706", + "refsource": "MISC", + "url": "https://hackerone.com/reports/310706" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8187.json b/2018/8xxx/CVE-2018-8187.json index a7dfa6eb00a..438d8508e76 100644 --- a/2018/8xxx/CVE-2018-8187.json +++ b/2018/8xxx/CVE-2018-8187.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8187", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8187", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8394.json b/2018/8xxx/CVE-2018-8394.json index 2ac74add1a4..98b5b26bd2e 100644 --- a/2018/8xxx/CVE-2018-8394.json +++ b/2018/8xxx/CVE-2018-8394.json 
@@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8394", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8394" - }, - { - "name" : "105001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105001" - }, - { - "name" : "1041460", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, 
Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041460", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041460" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8394", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8394" + }, + { + "name": "105001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105001" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8473.json b/2018/8xxx/CVE-2018-8473.json index 0d7d25619fd..4838960fcef 100644 --- a/2018/8xxx/CVE-2018-8473.json +++ b/2018/8xxx/CVE-2018-8473.json 
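Review bot: `"ASSIGNER"` changes from `Secure@Microsoft.com` to `secure@microsoft.com` in this hunk, a value change inside what otherwise reads as a whitespace reformat. Tooling that groups or filters records by assigner with an exact string match would treat the two spellings as different CNAs, so that comparison should be case-insensitive. The same change is in the CVE-2018-8473 hunk and in the CVE-2018-8505 hunk after it. The commit message is not visible here; if it does not mention the normalization, a separate commit for the value change would make it easier to audit.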
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8473", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8473" - }, - { - "name" : "105459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105459" - }, - { - "name" : "1041825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8473", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8473" + }, + { + "name": "105459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105459" + }, + { + "name": "1041825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041825" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8505.json b/2018/8xxx/CVE-2018-8505.json index ed898285151..784d1b38897 100644 --- a/2018/8xxx/CVE-2018-8505.json +++ b/2018/8xxx/CVE-2018-8505.json 
@@ -1,118 +1,118 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "Secure@Microsoft.com",
- "ID" : "CVE-2018-8505",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Edge",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Windows 10 Version 1607 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1607 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1703 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1703 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1709 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1803 for x64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for 32-bit Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
- },
- {
- "version_value" : "Windows 10 Version 1809 for x64-based Systems"
- },
- {
- "version_value" : "Windows Server 2016"
- },
- {
- "version_value" : "Windows Server 2019"
- }
- ]
- }
- },
- {
- "product_name" : "ChakraCore",
- "version" : {
- "version_data" : [
- {
- "version_value" : "ChakraCore"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2018-8505",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Windows 10 Version 1607 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1607 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1703 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1703 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1709 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1803 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for 32-bit Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
+ },
+ {
+ "version_value": "Windows 10 Version 1809 for x64-based Systems"
+ },
+ {
+ "version_value": "Windows Server 2016"
+ },
+ {
+ "version_value": "Windows Server 2019"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ChakraCore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ChakraCore"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8505",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8505"
- },
- {
- "name" : "105468",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105468"
- },
- {
- "name" : "1041825",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041825"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105468",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105468"
+ },
+ {
+ "name": "1041825",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041825"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8505",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8505"
+ }
+ ]
+ }
+}
\ No newline at end of file