diff --git a/2002/0xxx/CVE-2002-0441.json b/2002/0xxx/CVE-2002-0441.json index ba7fbd3d814..7f48bebed3e 100644 --- a/2002/0xxx/CVE-2002-0441.json +++ b/2002/0xxx/CVE-2002-0441.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020311 Directory traversal vulnerability in phpimglist", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/261221" - }, - { - "name" : "http://www.liquidpulse.net/get.lp?id=17", - "refsource" : "CONFIRM", - "url" : "http://www.liquidpulse.net/get.lp?id=17" - }, - { - "name" : "phpimglist-dot-directory-traversal(8441)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8441.php" - }, - { - "name" : "4276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.liquidpulse.net/get.lp?id=17", + "refsource": "CONFIRM", + "url": "http://www.liquidpulse.net/get.lp?id=17" + }, + { + "name": "20020311 Directory traversal vulnerability in phpimglist", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/261221" + }, + { + "name": "phpimglist-dot-directory-traversal(8441)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8441.php" + }, + { + "name": "4276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4276" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0595.json b/2002/0xxx/CVE-2002-0595.json index ac1a25da5a4..3c93cba5e1f 100644 --- a/2002/0xxx/CVE-2002-0595.json +++ b/2002/0xxx/CVE-2002-0595.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html" - }, - { - "name" : "webtrends-long-string-bo(8864)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8864.php" - }, - { - "name" : "4531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html" + }, + { + "name": "4531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4531" + }, + { + "name": "webtrends-long-string-bo(8864)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8864.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0876.json b/2002/0xxx/CVE-2002-0876.json index 59313d9357d..74242975909 100644 --- a/2002/0xxx/CVE-2002-0876.json +++ b/2002/0xxx/CVE-2002-0876.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html" - }, - { - "name" : "20020709 Exploit for previously reported DoS issues in Shambala Server 4.5", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/281265" - }, - { - "name" : "4897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4897" - }, - { - "name" : "shambala-web-request-dos(9225)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9225.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020709 Exploit for previously reported DoS issues in Shambala Server 4.5", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/281265" + }, + { + "name": "4897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4897" + }, + { + "name": "shambala-web-request-dos(9225)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9225.php" + }, + { + "name": "20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2040.json b/2002/2xxx/CVE-2002-2040.json index c83c4616e3a..3988166fb35 100644 --- a/2002/2xxx/CVE-2002-2040.json +++ b/2002/2xxx/CVE-2002-2040.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020603 QNX", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/275218" - }, - { - "name" : "4915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4915" - }, - { - "name" : "4916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4916" - }, - { - "name" : "qnx-rtos-phgrafx-privileges(9257)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9257.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4916" + }, + { + "name": "4915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4915" + }, + { + "name": "20020603 QNX", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/275218" + }, + { + "name": "qnx-rtos-phgrafx-privileges(9257)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9257.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2393.json b/2002/2xxx/CVE-2002-2393.json index 8fc1c45ea8d..815d09dfdaf 100644 --- a/2002/2xxx/CVE-2002-2393.json +++ b/2002/2xxx/CVE-2002-2393.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021106 RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html" - }, - { - "name" : "6112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6112" - }, - { - "name" : "servu-mkd-command-dos(10573)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10573.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021106 RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html" + }, + { + "name": "6112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6112" + }, + { + "name": "servu-mkd-command-dos(10573)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10573.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0617.json b/2005/0xxx/CVE-2005-0617.json index 0026361d4d8..88991d9f85c 100644 --- a/2005/0xxx/CVE-2005-0617.json +++ b/2005/0xxx/CVE-2005-0617.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110962710805864&w=2" - }, - { - "name" : "http://news.postnuke.com/Article2669.html", - "refsource" : "CONFIRM", - "url" : "http://news.postnuke.com/Article2669.html" - }, - { - "name" : "1013324", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://news.postnuke.com/Article2669.html", + "refsource": "CONFIRM", + "url": "http://news.postnuke.com/Article2669.html" + }, + { + "name": "1013324", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013324" + }, + { + "name": "20050228 [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110962710805864&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0793.json b/2005/0xxx/CVE-2005-0793.json index 95d9804e071..248ce6e16e1 100644 --- a/2005/0xxx/CVE-2005-0793.json +++ b/2005/0xxx/CVE-2005-0793.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050315 Few remote bugs in zPanel", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111090324111053&w=2" - }, - { - "name" : "20050320 Re: Few remote bugs in zPanel", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111142323616309&w=2" - }, - { - "name" : "12809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050320 Re: Few remote bugs in zPanel", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111142323616309&w=2" + }, + { + "name": "20050315 Few remote bugs in zPanel", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111090324111053&w=2" + }, + { + "name": "12809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12809" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0810.json b/2005/0xxx/CVE-2005-0810.json index cb26fceb76e..357bb8df63d 100644 --- a/2005/0xxx/CVE-2005-0810.json +++ b/2005/0xxx/CVE-2005-0810.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#264097", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/264097" - }, - { - "name" : "12843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12843" - }, - { - "name" : "14617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14617" + }, + { + "name": "VU#264097", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/264097" + }, + { + "name": "12843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12843" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0936.json b/2005/0xxx/CVE-2005-0936.json index d1fb00ff1e2..d216b55b124 100644 --- a/2005/0xxx/CVE-2005-0936.json +++ b/2005/0xxx/CVE-2005-0936.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050330 Multiple sql injection, and xss vulnerabilities in Pay pal Storefront", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111221890614271&w=2" - }, - { - "name" : "http://www.hackerscenter.com/Archive/view.asp?id=1774", - "refsource" : "MISC", - "url" : "http://www.hackerscenter.com/Archive/view.asp?id=1774" - }, - { - "name" : "12904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12904" - }, - { - "name" : "15059", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15059" - }, - { - "name" : "1013563", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013563" - }, - { - "name" : "14711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hackerscenter.com/Archive/view.asp?id=1774", + "refsource": "MISC", + "url": "http://www.hackerscenter.com/Archive/view.asp?id=1774" + }, + { + "name": "20050330 Multiple sql injection, and xss vulnerabilities in Pay pal Storefront", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111221890614271&w=2" + }, + { + "name": "12904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12904" + }, + { + "name": "1013563", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013563" + }, + { + "name": "14711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14711" + }, + { + "name": "15059", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15059" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0983.json b/2005/0xxx/CVE-2005-0983.json index dd061697108..7b03192de45 100644 --- a/2005/0xxx/CVE-2005-0983.json +++ b/2005/0xxx/CVE-2005-0983.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050402 In-game players kicking in the Quake 3 engine", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111246796918067&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/q3msgboom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/q3msgboom-adv.txt" - }, - { - "name" : "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322", - "refsource" : "MISC", - "url" : "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322" - }, - { - "name" : "12976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12976" - }, - { - "name" : "14811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14811" + }, + { + "name": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/q3msgboom-adv.txt" + }, + { + "name": "12976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12976" + }, + { + "name": "20050402 In-game players kicking in the Quake 3 engine", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111246796918067&w=2" + }, + { + "name": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322", + "refsource": "MISC", + "url": "http://bani.anime.net/banimod/forums/viewtopic.php?p=27322" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1165.json b/2005/1xxx/CVE-2005-1165.json index 16385253b1c..3c0bddced9d 100644 --- a/2005/1xxx/CVE-2005-1165.json +++ b/2005/1xxx/CVE-2005-1165.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050414 Multiple vulnerabilities in Yager 5.24", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111352154820865&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/yagerbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/yagerbof-adv.txt" - }, - { - "name" : "yager-corrupt-data-dos(20105)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050414 Multiple vulnerabilities in Yager 5.24", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111352154820865&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/yagerbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/yagerbof-adv.txt" + }, + { + "name": "yager-corrupt-data-dos(20105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20105" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1908.json b/2005/1xxx/CVE-2005-1908.json index 051873d513a..a4e5e2f78bd 100644 --- a/2005/1xxx/CVE-2005-1908.json +++ b/2005/1xxx/CVE-2005-1908.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \\ (backslash) in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17084", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17084" - }, - { - "name" : "1014096", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014096" - }, - { - "name" : "15592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \\ (backslash) in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014096", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014096" + }, + { + "name": "15592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15592" + }, + { + "name": "17084", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17084" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4538.json b/2005/4xxx/CVE-2005-4538.json index 5968bbf26c3..0dd02b23728 100644 --- a/2005/4xxx/CVE-2005-4538.json +++ b/2005/4xxx/CVE-2005-4538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4538", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-4538", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0297.json b/2009/0xxx/CVE-2009-0297.json index 121127f3503..b553ac331db 100644 --- a/2009/0xxx/CVE-2009-0297.json +++ b/2009/0xxx/CVE-2009-0297.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7880", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7880" - }, - { - "name" : "51626", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51626" - }, - { - "name" : "33647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7880", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7880" + }, + { + "name": "51626", + "refsource": "OSVDB", + "url": "http://osvdb.org/51626" + }, + { + "name": "33647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33647" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0332.json b/2009/0xxx/CVE-2009-0332.json index 9c079191e0e..315b9517950 100644 --- a/2009/0xxx/CVE-2009-0332.json +++ b/2009/0xxx/CVE-2009-0332.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=654214", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=654214" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816" - }, - { - "name" : "33583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33583" - }, - { - "name" : "avbook-edit-sql-injection(48084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=654214", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=654214" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=2219743&group_id=209711&atid=1010816" + }, + { + "name": "33583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33583" + }, + { + "name": "avbook-edit-sql-injection(48084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48084" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0358.json b/2009/0xxx/CVE-2009-0358.json index 83a792dd428..362a7302f23 100644 --- a/2009/0xxx/CVE-2009-0358.json +++ b/2009/0xxx/CVE-2009-0358.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx", - "refsource" : "MISC", - "url" : "http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx" - }, - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-06.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441751", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441751" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" - }, - { - "name" : "FEDORA-2009-1399", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" - }, - { - "name" : "MDVSA-2009:044", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" - }, - { - "name" : "RHSA-2009:0256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2009-0256.html" - }, - { - "name" : "SUSE-SA:2009:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" - }, - { - "name" : "USN-717-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-717-1" - }, - { - "name" : "33598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33598" - }, - { - "name" : "oval:org.mitre.oval:def:10610", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610" - }, - { - "name" : "33831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33831" - }, - { - "name" : "33841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33841" - }, - { - "name" : "33846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33846" - }, - { - "name" : "ADV-2009-0313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0313" - }, - { - "name" : "1021667", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021667" - }, - { - "name" : "33799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33799" - }, - { - "name" : "33809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33809" - }, - { - "name" : "33869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021667", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021667" + }, + { + "name": "ADV-2009-0313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0313" + }, + { + "name": "SUSE-SA:2009:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html" + }, + { + "name": "33809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33809" + }, + { + "name": "MDVSA-2009:044", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:044" + }, + { + "name": "RHSA-2009:0256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2009-0256.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm" + }, + { + "name": "33831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33831" + }, + { + "name": "33841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33841" + }, + { + "name": "33846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33846" + }, + { + "name": "33799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33799" + }, + { + "name": "oval:org.mitre.oval:def:10610", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=441751", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441751" + }, + { + "name": "http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx", + "refsource": "MISC", + "url": "http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-06.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-06.html" + }, + { + "name": "33598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33598" + }, + { + "name": "FEDORA-2009-1399", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html" + }, + { + "name": "33869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33869" + }, + { + "name": "USN-717-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-717-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1093.json b/2009/1xxx/CVE-2009-1093.json index 3f4b43d067a..0727a95a355 100644 --- a/2009/1xxx/CVE-2009-1093.json +++ b/2009/1xxx/CVE-2009-1093.json @@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1", - "refsource" : "MISC", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "DSA-1769", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1769" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMA02429", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "SSRT090058", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" - }, - { - "name" : "HPSBUX02429", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2" - }, - { - "name" : "MDVSA-2009:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" - }, - { - "name" : "MDVSA-2009:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" - }, - { - "name" : "RHSA-2009:0392", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html" - }, - { - "name" : "RHSA-2009:0394", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0394.html" - }, - { - "name" : "RHSA-2009:0377", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html" - }, - { - "name" : "RHSA-2009:1038", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html" - }, - { - "name" : "RHSA-2009:1198", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html" - }, - { - "name" : "254569", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1" - }, - { - "name" : "SUSE-SA:2009:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:029", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "SUSE-SA:2009:036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" - }, - { - "name" : "USN-748-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-748-1" - }, - { - "name" : "34240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34240" - }, - { - "name" : "oval:org.mitre.oval:def:11343", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11343" - }, - { - "name" : "oval:org.mitre.oval:def:6676", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6676" - }, - { - "name" : "1021893", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021893" - }, - { - "name" : "34489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34489" - }, - { - "name" : "34495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34495" - }, - { - "name" : "34496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34496" - }, - { - "name" : "34675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34675" - }, - { - "name" : "34632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34632" - }, - { - "name" : "35223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35223" - }, - { - "name" : "35156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35156" - }, - { - "name" : "35255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35255" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35776" - }, - { - "name" : "36185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36185" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37460" - }, - { - "name" : "ADV-2009-1426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1426" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2009:036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" + }, + { + "name": "MDVSA-2009:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" + }, + { + "name": "34632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34632" + }, + { + "name": "SSRT090058", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "35156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35156" + }, + { + "name": "34675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34675" + }, + { + "name": "SUSE-SA:2009:029", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" + }, + { + "name": "35776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35776" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" + }, + { + "name": "37460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37460" + }, + { + "name": "34489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34489" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "RHSA-2009:1038", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html" + }, + { + "name": "RHSA-2009:1198", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "HPSBUX02429", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2" + }, + { + "name": "RHSA-2009:0394", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html" + }, + { + "name": "34495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34495" + }, + { + "name": "1021893", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021893" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1", + "refsource": "MISC", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1" + }, + { + "name": "36185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36185" + }, + { + "name": "RHSA-2009:0377", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html" + }, + { + "name": "35255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35255" + }, + { + "name": "ADV-2009-1426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1426" + }, + { + "name": "254569", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "MDVSA-2009:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" + }, + { + "name": "RHSA-2009:0392", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html" + }, + { + "name": "35223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35223" + }, + { + "name": "34240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34240" + }, + { + "name": "oval:org.mitre.oval:def:11343", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11343" + }, + { + "name": "34496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34496" + }, + { + "name": "HPSBMA02429", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" + }, + { + "name": "oval:org.mitre.oval:def:6676", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6676" + }, + { + "name": "USN-748-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-748-1" + }, + { + "name": "DSA-1769", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1769" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "SUSE-SA:2009:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1236.json b/2009/1xxx/CVE-2009-1236.json index b5e21c582b1..062c4564cb7 100644 --- a/2009/1xxx/CVE-2009-1236.json +++ b/2009/1xxx/CVE-2009-1236.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8262", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8262" - }, - { - "name" : "http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c", - "refsource" : "MISC", - "url" : "http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c" - }, - { - "name" : "http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181", - "refsource" : "MISC", - "url" : "http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181" - }, - { - "name" : "34201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34201" - }, - { - "name" : "34424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34201" + }, + { + "name": "34424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34424" + }, + { + "name": "http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c", + "refsource": "MISC", + "url": "http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c" + }, + { + "name": "http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181", + "refsource": "MISC", + "url": "http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181" + }, + { + "name": "8262", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8262" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1281.json b/2009/1xxx/CVE-2009-1281.json index 93b6202489d..bd0b3ddad90 100644 --- a/2009/1xxx/CVE-2009-1281.json +++ b/2009/1xxx/CVE-2009-1281.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.glfusion.org/article.php/glfusion113", - "refsource" : "CONFIRM", - "url" : "http://www.glfusion.org/article.php/glfusion113" - }, - { - "name" : "34377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34377" - }, - { - "name" : "53287", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53287" - }, - { - "name" : "34575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34575" + }, + { + "name": "34377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34377" + }, + { + "name": "53287", + "refsource": "OSVDB", + "url": "http://osvdb.org/53287" + }, + { + "name": "http://www.glfusion.org/article.php/glfusion113", + "refsource": "CONFIRM", + "url": "http://www.glfusion.org/article.php/glfusion113" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4088.json b/2009/4xxx/CVE-2009-4088.json index 4e372fe9d5b..cc732f104fb 100644 --- a/2009/4xxx/CVE-2009-4088.json +++ b/2009/4xxx/CVE-2009-4088.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt" - }, - { - "name" : "9483", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9483" - }, - { - "name" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/", - "refsource" : "CONFIRM", - "url" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/" - }, - { - "name" : "60216", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60216" - }, - { - "name" : "60217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60217" - }, - { - "name" : "60218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60218" - }, - { - "name" : "37391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37391" - }, - { - "name" : "teleparkwiki-multiple-file-include(54327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/", + "refsource": "CONFIRM", + "url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/" + }, + { + "name": "9483", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9483" + }, + { + "name": "37391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37391" + }, + { + "name": "60218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60218" + }, + { + "name": "teleparkwiki-multiple-file-include(54327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54327" + }, + { + "name": "60216", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60216" + }, + { + "name": "60217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60217" + }, + { + "name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4918.json b/2009/4xxx/CVE-2009-4918.json index 821498a8f91..d616e11203a 100644 --- a/2009/4xxx/CVE-2009-4918.json +++ b/2009/4xxx/CVE-2009-4918.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5034.json b/2009/5xxx/CVE-2009-5034.json index fcae70b2a6f..39f63c9395c 100644 --- a/2009/5xxx/CVE-2009-5034.json +++ b/2009/5xxx/CVE-2009-5034.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1" - }, - { - "name" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", - "refsource" : "CONFIRM", - "url" : "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" - }, - { - "name" : "LO41707", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO41707" - }, - { - "name" : "ibm-lnt-new-process-dos(64741)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-lnt-new-process-dos(64741)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64741" + }, + { + "name": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument", + "refsource": "CONFIRM", + "url": "http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?documentId=A6604E906E0DF2DF8525778B005D4466&action=openDocument" + }, + { + "name": "LO41707", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO41707" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24019529&aid=1" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2314.json b/2012/2xxx/CVE-2012-2314.json index 4edd61d0a2c..28dcb1d2900 100644 --- a/2012/2xxx/CVE-2012-2314.json +++ b/2012/2xxx/CVE-2012-2314.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120504 CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/04/10" - }, - { - "name" : "[oss-security] 20120504 Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/04/12" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=819031", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=819031" - }, - { - "name" : "http://git.fedorahosted.org/git/?p=anaconda.git;a=commit;h=03ef13b625cc06873a924e0610340f8489fd92df", - "refsource" : "CONFIRM", - "url" : "http://git.fedorahosted.org/git/?p=anaconda.git;a=commit;h=03ef13b625cc06873a924e0610340f8489fd92df" - }, - { - "name" : "FEDORA-2012-7579", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080188.html" - }, - { - "name" : "53486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-7579", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080188.html" + }, + { + "name": "http://git.fedorahosted.org/git/?p=anaconda.git;a=commit;h=03ef13b625cc06873a924e0610340f8489fd92df", + "refsource": "CONFIRM", + "url": "http://git.fedorahosted.org/git/?p=anaconda.git;a=commit;h=03ef13b625cc06873a924e0610340f8489fd92df" + }, + { + "name": "[oss-security] 20120504 CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/04/10" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=819031", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=819031" + }, + { + "name": "53486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53486" + }, + { + "name": "[oss-security] 20120504 Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/04/12" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2317.json b/2012/2xxx/CVE-2012-2317.json index c35d0a15ca5..67f87a5d884 100644 --- a/2012/2xxx/CVE-2012-2317.json +++ b/2012/2xxx/CVE-2012-2317.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120504 Debian/Ubuntu php_crypt_revamped.patch", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/04/7" - }, - { - "name" : "[oss-security] 20120505 Re: Debian/Ubuntu php_crypt_revamped.patch", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/05/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170" - }, - { - "name" : "USN-1481-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1481-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1481-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1481-1" + }, + { + "name": "[oss-security] 20120504 Debian/Ubuntu php_crypt_revamped.patch", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/04/7" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170" + }, + { + "name": "[oss-security] 20120505 Re: Debian/Ubuntu php_crypt_revamped.patch", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/05/2" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2324.json b/2012/2xxx/CVE-2012-2324.json index 323c3af77af..ff6d5a3c045 100644 --- a/2012/2xxx/CVE-2012-2324.json +++ b/2012/2xxx/CVE-2012-2324.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120507 CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/13" - }, - { - "name" : "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/07/14" - }, - { - "name" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" - }, - { - "name" : "53417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53417" + }, + { + "name": "[oss-security] 20120507 CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/13" + }, + { + "name": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" + }, + { + "name": "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/07/14" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2616.json b/2012/2xxx/CVE-2012-2616.json index 42003997550..0321caa47f9 100644 --- a/2012/2xxx/CVE-2012-2616.json +++ b/2012/2xxx/CVE-2012-2616.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2616", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2616", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2900.json b/2012/2xxx/CVE-2012-2900.json index 2a9470996b3..7b671b5fbe7 100644 --- a/2012/2xxx/CVE-2012-2900.json +++ b/2012/2xxx/CVE-2012-2900.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=138208", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=138208" - }, - { - "name" : "oval:org.mitre.oval:def:15725", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15725" - }, - { - "name" : "google-chrome-skia-dos(79063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15725", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15725" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html" + }, + { + "name": "google-chrome-skia-dos(79063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79063" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=138208", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=138208" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3556.json b/2012/3xxx/CVE-2012-3556.json index f38d7addded..fc4b508c33c 100644 --- a/2012/3xxx/CVE-2012-3556.json +++ b/2012/3xxx/CVE-2012-3556.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1165/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1165/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/1200/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1200/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1200/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1200/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1200/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1200/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1020/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1020/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/unix/1200/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1200/" + }, + { + "name": "http://www.opera.com/support/kb/view/1020/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1020/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1165/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1165/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1200/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1200/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1200/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1200/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3563.json b/2012/3xxx/CVE-2012-3563.json index 06a0d2f270c..ab10a14ad7c 100644 --- a/2012/3xxx/CVE-2012-3563.json +++ b/2012/3xxx/CVE-2012-3563.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/windows/1200b/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1200b/" - }, - { - "name" : "opera-charencode-dos(76358)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-charencode-dos(76358)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76358" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1200b/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1200b/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3609.json b/2012/3xxx/CVE-2012-3609.json index 4a55348a398..ab1b19a9aab 100644 --- a/2012/3xxx/CVE-2012-3609.json +++ b/2012/3xxx/CVE-2012-3609.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4743.json b/2012/4xxx/CVE-2012-4743.json index 7beedb8bdbb..53d08be3594 100644 --- a/2012/4xxx/CVE-2012-4743.json +++ b/2012/4xxx/CVE-2012-4743.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120414 Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0099.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=504", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=504" - }, - { - "name" : "53035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53035" - }, - { - "name" : "81178", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81178" - }, - { - "name" : "sichesearch-ssearch-sql-injection(74916)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=504", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=504" + }, + { + "name": "53035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53035" + }, + { + "name": "81178", + "refsource": "OSVDB", + "url": "http://osvdb.org/81178" + }, + { + "name": "sichesearch-ssearch-sql-injection(74916)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74916" + }, + { + "name": "20120414 Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0099.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4884.json b/2012/4xxx/CVE-2012-4884.json index 13f22a7092c..add469301ff 100644 --- a/2012/4xxx/CVE-2012-4884.json +++ b/2012/4xxx/CVE-2012-4884.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20121025 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" - }, - { - "name" : "DSA-2567", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20121025 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" + }, + { + "name": "DSA-2567", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2567" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6369.json b/2012/6xxx/CVE-2012-6369.json index 89f6569a2de..36a38b8770b 100644 --- a/2012/6xxx/CVE-2012-6369.json +++ b/2012/6xxx/CVE-2012-6369.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/118467/Agilebits-1Password-3.9.9-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/118467/Agilebits-1Password-3.9.9-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.youtube.com/watch?v=A1kPL9ggRi4", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=A1kPL9ggRi4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.youtube.com/watch?v=A1kPL9ggRi4", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=A1kPL9ggRi4" + }, + { + "name": "http://packetstormsecurity.org/files/118467/Agilebits-1Password-3.9.9-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/118467/Agilebits-1Password-3.9.9-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6418.json b/2012/6xxx/CVE-2012-6418.json index 0c588dbe102..12fd3fb0c70 100644 --- a/2012/6xxx/CVE-2012-6418.json +++ b/2012/6xxx/CVE-2012-6418.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6418", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6418", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5584.json b/2015/5xxx/CVE-2015-5584.json index 3f8cb345b3d..e20f58ab266 100644 --- a/2015/5xxx/CVE-2015-5584.json +++ b/2015/5xxx/CVE-2015-5584.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201509-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201509-07" - }, - { - "name" : "RHSA-2015:1814", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "SUSE-SU-2015:1614", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1618", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:1616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" - }, - { - "name" : "76795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76795" - }, - { - "name" : "1033629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1814", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "openSUSE-SU-2015:1616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" + }, + { + "name": "1033629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033629" + }, + { + "name": "SUSE-SU-2015:1618", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" + }, + { + "name": "76795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76795" + }, + { + "name": "SUSE-SU-2015:1614", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" + }, + { + "name": "GLSA-201509-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201509-07" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5624.json b/2015/5xxx/CVE-2015-5624.json index e440a7ee101..3c7a912fa0c 100644 --- a/2015/5xxx/CVE-2015-5624.json +++ b/2015/5xxx/CVE-2015-5624.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued \"Click to Live\" service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#62078684", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN62078684/index.html" - }, - { - "name" : "JVNDB-2015-000127", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued \"Click to Live\" service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#62078684", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN62078684/index.html" + }, + { + "name": "JVNDB-2015-000127", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000127" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2427.json b/2017/2xxx/CVE-2017-2427.json index 0cb466e6ec4..91262bd1278 100644 --- a/2017/2xxx/CVE-2017-2427.json +++ b/2017/2xxx/CVE-2017-2427.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "97140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97140" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97140" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2464.json b/2017/2xxx/CVE-2017-2464.json index 2fcf17816d1..a16f3fabf5f 100644 --- a/2017/2xxx/CVE-2017-2464.json +++ b/2017/2xxx/CVE-2017-2464.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41931", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41931/" - }, - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97130" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97130" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "41931", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41931/" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2529.json b/2017/2xxx/CVE-2017-2529.json index c712482650d..7c00aef6707 100644 --- a/2017/2xxx/CVE-2017-2529.json +++ b/2017/2xxx/CVE-2017-2529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2622.json b/2017/2xxx/CVE-2017-2622.json index 4172abca985..f21d3454c80 100644 --- a/2017/2xxx/CVE-2017-2622.json +++ b/2017/2xxx/CVE-2017-2622.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-2622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openstack-mistral", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-552" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openstack-mistral", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622" - }, - { - "name" : "RHSA-2017:1584", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622" + }, + { + "name": "RHSA-2017:1584", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1584" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2676.json b/2017/2xxx/CVE-2017-2676.json index ca2a37fee37..663ef9c0d2d 100644 --- a/2017/2xxx/CVE-2017-2676.json +++ b/2017/2xxx/CVE-2017-2676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11061.json b/2018/11xxx/CVE-2018-11061.json index 75eef386956..64e98c71ee6 100644 --- a/2018/11xxx/CVE-2018-11061.json +++ b/2018/11xxx/CVE-2018-11061.json @@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-08-22T00:00:00.000Z", - "ID" : "CVE-2018-11061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA NetWitness ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "11.1.0.2" - } - ] - } - }, - { - "product_name" : "RSA Security Analytics ", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "10.6.6" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.1, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "server-side template injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-08-22T00:00:00.000Z", + "ID": "CVE-2018-11061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA NetWitness ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "11.1.0.2" + } + ] + } + }, + { + "product_name": "RSA Security Analytics ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "10.6.6" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180814 DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/32" - }, - { - "name" : "105134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105134" - }, - { - "name" : "1041541", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041541" - }, - { - "name" : "1041542", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041542" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "server-side template injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041542", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041542" + }, + { + "name": "20180814 DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/32" + }, + { + "name": "105134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105134" + }, + { + "name": "1041541", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041541" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11611.json b/2018/11xxx/CVE-2018-11611.json index 23b41e4b716..289142e3dc8 100644 --- a/2018/11xxx/CVE-2018-11611.json +++ b/2018/11xxx/CVE-2018-11611.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11611", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11611", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11804.json b/2018/11xxx/CVE-2018-11804.json index 11c4a66e0b2..8334cd7bd5e 100644 --- a/2018/11xxx/CVE-2018-11804.json +++ b/2018/11xxx/CVE-2018-11804.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-10-24T00:00:00", - "ID" : "CVE-2018-11804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Spark", - "version" : { - "version_data" : [ - { - "version_value" : "branches 1.3.x and later, including master" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-10-24T00:00:00", + "ID": "CVE-2018-11804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Spark", + "version": { + "version_data": [ + { + "version_value": "branches 1.3.x and later, including master" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20181024 CVE-2018-11804: Apache Spark build/mvn runs zinc, and can expose information from build machines", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d@%3Cdev.spark.apache.org%3E" - }, - { - "name" : "https://spark.apache.org/security.html#CVE-2018-11804", - "refsource" : "CONFIRM", - "url" : "https://spark.apache.org/security.html#CVE-2018-11804" - }, - { - "name" : "105756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20181024 CVE-2018-11804: Apache Spark build/mvn runs zinc, and can expose information from build machines", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d@%3Cdev.spark.apache.org%3E" + }, + { + "name": "https://spark.apache.org/security.html#CVE-2018-11804", + "refsource": "CONFIRM", + "url": "https://spark.apache.org/security.html#CVE-2018-11804" + }, + { + "name": "105756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105756" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11814.json b/2018/11xxx/CVE-2018-11814.json index 904d5b95f36..8035f798b78 100644 --- a/2018/11xxx/CVE-2018-11814.json +++ b/2018/11xxx/CVE-2018-11814.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11814", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11814", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14191.json b/2018/14xxx/CVE-2018-14191.json index 293ee8d8589..781279b03c1 100644 --- a/2018/14xxx/CVE-2018-14191.json +++ b/2018/14xxx/CVE-2018-14191.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14191", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14191", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14960.json b/2018/14xxx/CVE-2018-14960.json index fd2c1726288..d52f599c613 100644 --- a/2018/14xxx/CVE-2018-14960.json +++ b/2018/14xxx/CVE-2018-14960.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xiao5uCompany 1.7 has CSRF via admin/Admin.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.whiterabbitxyj.com/cve/Xiao5uCompany_1.7_csrf.doc", - "refsource" : "MISC", - "url" : "http://blog.whiterabbitxyj.com/cve/Xiao5uCompany_1.7_csrf.doc" - }, - { - "name" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/Xiao5uCompany_1.7_csrf.doc", - "refsource" : "MISC", - "url" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/Xiao5uCompany_1.7_csrf.doc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xiao5uCompany 1.7 has CSRF via admin/Admin.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/Xiao5uCompany_1.7_csrf.doc", + "refsource": "MISC", + "url": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/Xiao5uCompany_1.7_csrf.doc" + }, + { + "name": "http://blog.whiterabbitxyj.com/cve/Xiao5uCompany_1.7_csrf.doc", + "refsource": "MISC", + "url": "http://blog.whiterabbitxyj.com/cve/Xiao5uCompany_1.7_csrf.doc" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15058.json b/2018/15xxx/CVE-2018-15058.json index 4bfd1d07e0f..defed8f5f4e 100644 --- a/2018/15xxx/CVE-2018-15058.json +++ b/2018/15xxx/CVE-2018-15058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15210.json b/2018/15xxx/CVE-2018-15210.json index 1d6e2985cdb..c4786a8f5a6 100644 --- a/2018/15xxx/CVE-2018-15210.json +++ b/2018/15xxx/CVE-2018-15210.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15210", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15210", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15981.json b/2018/15xxx/CVE-2018-15981.json index 8c9b780ca00..18e43b16c25 100644 --- a/2018/15xxx/CVE-2018-15981.json +++ b/2018/15xxx/CVE-2018-15981.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Flash Player", - "version" : { - "version_data" : [ - { - "version_value" : "31.0.0.148 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Flash Player", + "version": { + "version_data": [ + { + "version_value": "31.0.0.148 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-44.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-44.html" - }, - { - "name" : "RHSA-2018:3644", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3644" - }, - { - "name" : "105964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105964" - }, - { - "name" : "1042151", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105964" + }, + { + "name": "RHSA-2018:3644", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3644" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-44.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-44.html" + }, + { + "name": "1042151", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042151" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8044.json b/2018/8xxx/CVE-2018-8044.json index 112f766a45a..fdeddba018a 100644 --- a/2018/8xxx/CVE-2018-8044.json +++ b/2018/8xxx/CVE-2018-8044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8247.json b/2018/8xxx/CVE-2018-8247.json index 2364f4eaedb..205885bc295 100644 --- a/2018/8xxx/CVE-2018-8247.json +++ b/2018/8xxx/CVE-2018-8247.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Web Apps Server 2013 Service Pack 1" - } - ] - } - }, - { - "product_name" : "Microsoft Office Online Server", - "version" : { - "version_data" : [ - { - "version_value" : "2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka \"Microsoft Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Web Apps Server 2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247" - }, - { - "name" : "104319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104319" - }, - { - "name" : "1041104", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka \"Microsoft Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247" + }, + { + "name": "1041104", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041104" + }, + { + "name": "104319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104319" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8250.json b/2018/8xxx/CVE-2018-8250.json index 8f5b01abf41..60ee972f492 100644 --- a/2018/8xxx/CVE-2018-8250.json +++ b/2018/8xxx/CVE-2018-8250.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8250", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8250", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8257.json b/2018/8xxx/CVE-2018-8257.json index 253ca924907..646e964cb85 100644 --- a/2018/8xxx/CVE-2018-8257.json +++ b/2018/8xxx/CVE-2018-8257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8556.json b/2018/8xxx/CVE-2018-8556.json index ace42cd020e..6ba503aec51 100644 --- a/2018/8xxx/CVE-2018-8556.json +++ b/2018/8xxx/CVE-2018-8556.json @@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556" - }, - { - "name" : "105779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105779" - }, - { - "name" : "1042107", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105779" + }, + { + "name": "1042107", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042107" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8680.json b/2018/8xxx/CVE-2018-8680.json index d2b3163f6de..d5594cbf453 100644 --- a/2018/8xxx/CVE-2018-8680.json +++ b/2018/8xxx/CVE-2018-8680.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8680", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8680", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file