From 97b733ca4e257c75a479ca006e53442caae4e4bb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:47:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0970.json | 120 ++++---- 2005/1xxx/CVE-2005-1851.json | 130 ++++----- 2005/2xxx/CVE-2005-2402.json | 160 +++++----- 2005/2xxx/CVE-2005-2835.json | 34 +-- 2005/3xxx/CVE-2005-3039.json | 140 ++++----- 2005/3xxx/CVE-2005-3254.json | 120 ++++---- 2005/3xxx/CVE-2005-3455.json | 190 ++++++------ 2005/3xxx/CVE-2005-3462.json | 160 +++++----- 2005/3xxx/CVE-2005-3616.json | 34 +-- 2005/4xxx/CVE-2005-4253.json | 160 +++++----- 2005/4xxx/CVE-2005-4262.json | 160 +++++----- 2005/4xxx/CVE-2005-4482.json | 160 +++++----- 2009/0xxx/CVE-2009-0377.json | 140 ++++----- 2009/0xxx/CVE-2009-0945.json | 520 ++++++++++++++++----------------- 2009/2xxx/CVE-2009-2055.json | 140 ++++----- 2009/2xxx/CVE-2009-2272.json | 120 ++++---- 2009/2xxx/CVE-2009-2473.json | 240 +++++++-------- 2009/3xxx/CVE-2009-3690.json | 34 +-- 2009/3xxx/CVE-2009-3830.json | 150 +++++----- 2009/3xxx/CVE-2009-3966.json | 130 ++++----- 2009/4xxx/CVE-2009-4190.json | 130 ++++----- 2009/4xxx/CVE-2009-4197.json | 140 ++++----- 2009/4xxx/CVE-2009-4319.json | 130 ++++----- 2009/4xxx/CVE-2009-4332.json | 200 ++++++------- 2009/4xxx/CVE-2009-4901.json | 220 +++++++------- 2012/2xxx/CVE-2012-2086.json | 190 ++++++------ 2012/2xxx/CVE-2012-2541.json | 34 +-- 2012/2xxx/CVE-2012-2939.json | 170 +++++------ 2012/2xxx/CVE-2012-2967.json | 150 +++++----- 2015/0xxx/CVE-2015-0847.json | 170 +++++------ 2015/0xxx/CVE-2015-0937.json | 130 ++++----- 2015/0xxx/CVE-2015-0949.json | 34 +-- 2015/1xxx/CVE-2015-1022.json | 34 +-- 2015/1xxx/CVE-2015-1173.json | 130 ++++----- 2015/1xxx/CVE-2015-1273.json | 200 ++++++------- 2015/1xxx/CVE-2015-1490.json | 140 ++++----- 2015/5xxx/CVE-2015-5015.json | 140 ++++----- 2015/5xxx/CVE-2015-5113.json | 140 ++++----- 2015/5xxx/CVE-2015-5496.json | 140 ++++----- 2015/5xxx/CVE-2015-5602.json | 200 ++++++------- 2015/5xxx/CVE-2015-5732.json | 200 ++++++------- 2018/11xxx/CVE-2018-11416.json | 130 ++++----- 2018/11xxx/CVE-2018-11718.json | 120 ++++---- 2018/11xxx/CVE-2018-11996.json | 130 ++++----- 2018/3xxx/CVE-2018-3592.json | 132 ++++----- 2018/3xxx/CVE-2018-3995.json | 132 ++++----- 2018/6xxx/CVE-2018-6443.json | 120 ++++---- 2018/6xxx/CVE-2018-6644.json | 130 ++++----- 2018/7xxx/CVE-2018-7081.json | 34 +-- 2018/7xxx/CVE-2018-7136.json | 34 +-- 2018/7xxx/CVE-2018-7368.json | 34 +-- 2018/7xxx/CVE-2018-7373.json | 34 +-- 2018/7xxx/CVE-2018-7480.json | 170 +++++------ 2018/7xxx/CVE-2018-7498.json | 132 ++++----- 2018/7xxx/CVE-2018-7921.json | 130 ++++----- 2018/8xxx/CVE-2018-8129.json | 240 +++++++-------- 2018/8xxx/CVE-2018-8290.json | 220 +++++++------- 2018/8xxx/CVE-2018-8405.json | 306 +++++++++---------- 2018/8xxx/CVE-2018-8482.json | 460 ++++++++++++++--------------- 2018/8xxx/CVE-2018-8529.json | 136 ++++----- 60 files changed, 4444 insertions(+), 4444 deletions(-) diff --git a/2005/0xxx/CVE-2005-0970.json b/2005/0xxx/CVE-2005-0970.json index 6e2d67c8099..f7ef4f1a0f2 100644 --- a/2005/0xxx/CVE-2005-0970.json +++ b/2005/0xxx/CVE-2005-0970.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-04-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-04-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1851.json b/2005/1xxx/CVE-2005-1851.json index 35e9c569f0e..41ad24a9cff 100644 --- a/2005/1xxx/CVE-2005-1851.json +++ b/2005/1xxx/CVE-2005-1851.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-1851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-760", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-760" - }, - { - "name" : "20050721 Multiple vulnerabilities in libgadu and ekg package", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112198499417250&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-760", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-760" + }, + { + "name": "20050721 Multiple vulnerabilities in libgadu and ekg package", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112198499417250&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2402.json b/2005/2xxx/CVE-2005-2402.json index c3599bbd821..9defbbce02c 100644 --- a/2005/2xxx/CVE-2005-2402.json +++ b/2005/2xxx/CVE-2005-2402.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rgod.altervista.org/PHPSiteSearch177dpoc.txt", - "refsource" : "MISC", - "url" : "http://www.rgod.altervista.org/PHPSiteSearch177dpoc.txt" - }, - { - "name" : "14344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14344" - }, - { - "name" : "18142", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18142" - }, - { - "name" : "16156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16156" - }, - { - "name" : "phpsitesearch-query-xss(21463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpsitesearch-query-xss(21463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21463" + }, + { + "name": "18142", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18142" + }, + { + "name": "16156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16156" + }, + { + "name": "http://www.rgod.altervista.org/PHPSiteSearch177dpoc.txt", + "refsource": "MISC", + "url": "http://www.rgod.altervista.org/PHPSiteSearch177dpoc.txt" + }, + { + "name": "14344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14344" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2835.json b/2005/2xxx/CVE-2005-2835.json index e54c5f672b4..75e919a7bdb 100644 --- a/2005/2xxx/CVE-2005-2835.json +++ b/2005/2xxx/CVE-2005-2835.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2835", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2835", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3039.json b/2005/3xxx/CVE-2005-3039.json index 2dffd54bd19..9281f4ff4f5 100644 --- a/2005/3xxx/CVE-2005-3039.json +++ b/2005/3xxx/CVE-2005-3039.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://systemsecure.org/ssforum/viewtopic.php?t=219", - "refsource" : "MISC", - "url" : "http://systemsecure.org/ssforum/viewtopic.php?t=219" - }, - { - "name" : "1014882", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014882" - }, - { - "name" : "14803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014882", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014882" + }, + { + "name": "14803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14803" + }, + { + "name": "http://systemsecure.org/ssforum/viewtopic.php?t=219", + "refsource": "MISC", + "url": "http://systemsecure.org/ssforum/viewtopic.php?t=219" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3254.json b/2005/3xxx/CVE-2005-3254.json index 9d6f5e067c3..6c14e889025 100644 --- a/2005/3xxx/CVE-2005-3254.json +++ b/2005/3xxx/CVE-2005-3254.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[secure-testing-announce] 20050828 [DTSA-6-1] New cgiwrap packages fix multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[secure-testing-announce] 20050828 [DTSA-6-1] New cgiwrap packages fix multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://lists.alioth.debian.org/pipermail/secure-testing-announce/2005-August/000003.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3455.json b/2005/3xxx/CVE-2005-3455.json index a25754c894e..1e12ef0c28d 100644 --- a/2005/3xxx/CVE-2005-3455.json +++ b/2005/3xxx/CVE-2005-3455.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Object Library; (4) APPS05 and (5) APPS06 in Applications Technology Stack; (6) APPS07 in Applications Utilities; (7) APPS09, (8) APPS10, and (9) APPS11 in HRMS; (10) APPS12 in Mobile Application Foundation; (11) APPS13 in SDP Number Portability; (12) APPS14 in Oracle Service; (13) APPS15 in Service Fulfillment Manage, (14) APPS16 in Universal Work Queue; and (15) APPS20 in Workflow Cartridge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "VU#150508", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/150508" - }, - { - "name" : "VU#609340", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/609340" - }, - { - "name" : "VU#265700", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/265700" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Object Library; (4) APPS05 and (5) APPS06 in Applications Technology Stack; (6) APPS07 in Applications Utilities; (7) APPS09, (8) APPS10, and (9) APPS11 in HRMS; (10) APPS12 in Mobile Application Foundation; (11) APPS13 in SDP Number Portability; (12) APPS14 in Oracle Service; (13) APPS15 in Service Fulfillment Manage, (14) APPS16 in Universal Work Queue; and (15) APPS20 in Workflow Cartridge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "VU#609340", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/609340" + }, + { + "name": "VU#265700", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/265700" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + }, + { + "name": "VU#150508", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/150508" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3462.json b/2005/3xxx/CVE-2005-3462.json index 78cb3966658..2d69ffdeead 100644 --- a/2005/3xxx/CVE-2005-3462.json +++ b/2005/3xxx/CVE-2005-3462.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" - }, - { - "name" : "TA05-292A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" - }, - { - "name" : "VU#210524", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210524" - }, - { - "name" : "15134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15134" - }, - { - "name" : "17250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html" + }, + { + "name": "TA05-292A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html" + }, + { + "name": "15134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15134" + }, + { + "name": "VU#210524", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210524" + }, + { + "name": "17250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17250" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3616.json b/2005/3xxx/CVE-2005-3616.json index 603396914fc..4e35e7992c4 100644 --- a/2005/3xxx/CVE-2005-3616.json +++ b/2005/3xxx/CVE-2005-3616.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3616", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3616", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4253.json b/2005/4xxx/CVE-2005-4253.json index 3d23a592ace..d4de5dd87d0 100644 --- a/2005/4xxx/CVE-2005-4253.json +++ b/2005/4xxx/CVE-2005-4253.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. NOTE: this might be resultant from CVE-2005-4160." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051122 Re: Torrential 1.2 getdox.php Directory Traversal", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0720.html" - }, - { - "name" : "15543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15543" - }, - { - "name" : "21304", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21304" - }, - { - "name" : "1015338", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015338" - }, - { - "name" : "torrential-getdox-xss(23232)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. NOTE: this might be resultant from CVE-2005-4160." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15543" + }, + { + "name": "torrential-getdox-xss(23232)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23232" + }, + { + "name": "21304", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21304" + }, + { + "name": "1015338", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015338" + }, + { + "name": "20051122 Re: Torrential 1.2 getdox.php Directory Traversal", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0720.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4262.json b/2005/4xxx/CVE-2005-4262.json index d0ab3e9d808..de0dba633a4 100644 --- a/2005/4xxx/CVE-2005-4262.json +++ b/2005/4xxx/CVE-2005-4262.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15857" - }, - { - "name" : "ADV-2005-2927", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2927" - }, - { - "name" : "21751", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21751" - }, - { - "name" : "1015351", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015351" - }, - { - "name" : "18069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2927", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2927" + }, + { + "name": "18069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18069" + }, + { + "name": "1015351", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015351" + }, + { + "name": "15857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15857" + }, + { + "name": "21751", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21751" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4482.json b/2005/4xxx/CVE-2005-4482.json index d01cdc0b832..32357990e8d 100644 --- a/2005/4xxx/CVE-2005-4482.json +++ b/2005/4xxx/CVE-2005-4482.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/portalapp-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/portalapp-xss-vuln.html" - }, - { - "name" : "16008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16008" - }, - { - "name" : "ADV-2005-3037", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3037" - }, - { - "name" : "21880", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21880" - }, - { - "name" : "18201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16008" + }, + { + "name": "21880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21880" + }, + { + "name": "18201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18201" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/portalapp-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/portalapp-xss-vuln.html" + }, + { + "name": "ADV-2005-3037", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3037" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0377.json b/2009/0xxx/CVE-2009-0377.json index 7aa35b4e992..3a125ee2dad 100644 --- a/2009/0xxx/CVE-2009-0377.json +++ b/2009/0xxx/CVE-2009-0377.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090121 Joomla component beamospetition 1.0.12 Sql Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500250/100/0/threaded" - }, - { - "name" : "7847", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7847" - }, - { - "name" : "33391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090121 Joomla component beamospetition 1.0.12 Sql Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500250/100/0/threaded" + }, + { + "name": "7847", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7847" + }, + { + "name": "33391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33391" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0945.json b/2009/0xxx/CVE-2009-0945.json index c71b7673de2..b03fea8ccba 100644 --- a/2009/0xxx/CVE-2009-0945.json +++ b/2009/0xxx/CVE-2009-0945.json @@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503594/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-022", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-022" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "http://support.apple.com/kb/HT3550", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3550" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=9019", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=9019" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html" - }, - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "DSA-1950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1950" - }, - { - "name" : "FEDORA-2009-6166", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html" - }, - { - "name" : "FEDORA-2009-8039", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html" - }, - { - "name" : "FEDORA-2009-8049", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html" - }, - { - "name" : "RHSA-2009:1130", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1130.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-823-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/823-1/" - }, - { - "name" : "USN-822-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-822-1" - }, - { - "name" : "USN-857-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-857-1" - }, - { - "name" : "USN-836-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-836-1" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "34924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34924" - }, - { - "name" : "oval:org.mitre.oval:def:11584", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584" - }, - { - "name" : "1022207", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022207" - }, - { - "name" : "35056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35056" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "35095", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35095" - }, - { - "name" : "35576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35576" - }, - { - "name" : "35805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35805" - }, - { - "name" : "36062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36062" - }, - { - "name" : "36461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36461" - }, - { - "name" : "37746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37746" - }, - { - "name" : "36790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36790" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ADV-2009-1298", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1298" - }, - { - "name" : "ADV-2009-1321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1321" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "safari-webkit-svglist-bo(50477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-822-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-822-1" + }, + { + "name": "35805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35805" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "FEDORA-2009-8039", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "1022207", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022207" + }, + { + "name": "20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503594/100/0/threaded" + }, + { + "name": "RHSA-2009:1130", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1130.html" + }, + { + "name": "ADV-2009-1298", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1298" + }, + { + "name": "35576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35576" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "37746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37746" + }, + { + "name": "36790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36790" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "35056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35056" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-022", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-022" + }, + { + "name": "34924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34924" + }, + { + "name": "36461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36461" + }, + { + "name": "safari-webkit-svglist-bo(50477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50477" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html" + }, + { + "name": "USN-823-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/823-1/" + }, + { + "name": "DSA-1950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1950" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "36062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36062" + }, + { + "name": "USN-857-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-857-1" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00001.html" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "oval:org.mitre.oval:def:11584", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "35095", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35095" + }, + { + "name": "FEDORA-2009-8049", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html" + }, + { + "name": "http://support.apple.com/kb/HT3550", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3550" + }, + { + "name": "FEDORA-2009-6166", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html" + }, + { + "name": "USN-836-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-836-1" + }, + { + "name": "ADV-2009-1321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1321" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=9019", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=9019" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2055.json b/2009/2xxx/CVE-2009-2055.json index 25d65b080b7..29347a99e75 100644 --- a/2009/2xxx/CVE-2009-2055.json +++ b/2009/2xxx/CVE-2009-2055.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-2055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nanog] 20090817 RE: Anyone else seeing \"(invalid or corrupt AS path) 3 bytes E01100\" ?", - "refsource" : "MLIST", - "url" : "http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html" - }, - { - "name" : "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml" - }, - { - "name" : "1022739", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[nanog] 20090817 RE: Anyone else seeing \"(invalid or corrupt AS path) 3 bytes E01100\" ?", + "refsource": "MLIST", + "url": "http://mailman.nanog.org/pipermail/nanog/2009-August/012719.html" + }, + { + "name": "1022739", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022739" + }, + { + "name": "20090818 Cisco IOS XR Software Border Gateway Protocol Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2272.json b/2009/2xxx/CVE-2009-2272.json index 4472c88d45a..751bee5bd4d 100644 --- a/2009/2xxx/CVE-2009-2272.json +++ b/2009/2xxx/CVE-2009-2272.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090630 Multiple Flaws in Huawei D100", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504645/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090630 Multiple Flaws in Huawei D100", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504645/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2473.json b/2009/2xxx/CVE-2009-2473.json index 9163561e0db..923619a9be0 100644 --- a/2009/2xxx/CVE-2009-2473.json +++ b/2009/2xxx/CVE-2009-2473.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[neon] 20090818 CVE-2009-2473: fix for \"billion laughs\" attack against expat", - "refsource" : "MLIST", - "url" : "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html" - }, - { - "name" : "[neon] 20090818 neon: release 0.28.6 (SECURITY)", - "refsource" : "MLIST", - "url" : "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "FEDORA-2009-8794", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html" - }, - { - "name" : "FEDORA-2009-8815", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html" - }, - { - "name" : "MDVSA-2009:221", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221" - }, - { - "name" : "RHSA-2013:0131", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0131.html" - }, - { - "name" : "SUSE-SR:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:9461", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461" - }, - { - "name" : "36371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36371" - }, - { - "name" : "ADV-2009-2341", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2341" - }, - { - "name" : "neon-xml-dos(52633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[neon] 20090818 neon: release 0.28.6 (SECURITY)", + "refsource": "MLIST", + "url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html" + }, + { + "name": "oval:org.mitre.oval:def:9461", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "SUSE-SR:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" + }, + { + "name": "ADV-2009-2341", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2341" + }, + { + "name": "MDVSA-2009:221", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "RHSA-2013:0131", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0131.html" + }, + { + "name": "36371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36371" + }, + { + "name": "FEDORA-2009-8815", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html" + }, + { + "name": "FEDORA-2009-8794", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html" + }, + { + "name": "neon-xml-dos(52633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52633" + }, + { + "name": "[neon] 20090818 CVE-2009-2473: fix for \"billion laughs\" attack against expat", + "refsource": "MLIST", + "url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3690.json b/2009/3xxx/CVE-2009-3690.json index f7a93c27283..21a51db9197 100644 --- a/2009/3xxx/CVE-2009-3690.json +++ b/2009/3xxx/CVE-2009-3690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3830.json b/2009/3xxx/CVE-2009-3830.json index fd851753a63..9e08934c2a9 100644 --- a/2009/3xxx/CVE-2009-3830.json +++ b/2009/3xxx/CVE-2009-3830.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091026 SharePoint 2007 ASP.NET Source Code Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507419/100/0/threaded" - }, - { - "name" : "976829", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/976829" - }, - { - "name" : "36817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36817" - }, - { - "name" : "sharepoint-download-info-disclosure(53955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091026 SharePoint 2007 ASP.NET Source Code Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507419/100/0/threaded" + }, + { + "name": "36817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36817" + }, + { + "name": "sharepoint-download-info-disclosure(53955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53955" + }, + { + "name": "976829", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/976829" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3966.json b/2009/3xxx/CVE-2009-3966.json index d850034dadc..4db5973becb 100644 --- a/2009/3xxx/CVE-2009-3966.json +++ b/2009/3xxx/CVE-2009-3966.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9482", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9482" - }, - { - "name" : "36448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9482", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9482" + }, + { + "name": "36448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36448" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4190.json b/2009/4xxx/CVE-2009-4190.json index 3b31b44125e..00390c0fb1f 100644 --- a/2009/4xxx/CVE-2009-4190.json +++ b/2009/4xxx/CVE-2009-4190.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.intevydis.com/blog/?p=79", - "refsource" : "MISC", - "url" : "http://www.intevydis.com/blog/?p=79" - }, - { - "name" : "http://www.intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://www.intevydis.com/vd-list.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.intevydis.com/blog/?p=79", + "refsource": "MISC", + "url": "http://www.intevydis.com/blog/?p=79" + }, + { + "name": "http://www.intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://www.intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4197.json b/2009/4xxx/CVE-2009-4197.json index 7797fff9d03..5fc4cb88d9e 100644 --- a/2009/4xxx/CVE-2009-4197.json +++ b/2009/4xxx/CVE-2009-4197.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10276", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10276" - }, - { - "name" : "37194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37194" - }, - { - "name" : "huawei-password-type-weak-security(54528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10276", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10276" + }, + { + "name": "huawei-password-type-weak-security(54528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54528" + }, + { + "name": "37194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37194" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4319.json b/2009/4xxx/CVE-2009-4319.json index 97f0bf2db29..2c6fcad2733 100644 --- a/2009/4xxx/CVE-2009-4319.json +++ b/2009/4xxx/CVE-2009-4319.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10422", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10422" - }, - { - "name" : "37749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37749" + }, + { + "name": "10422", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10422" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4332.json b/2009/4xxx/CVE-2009-4332.json index c17e381c6d6..961b961e637 100644 --- a/2009/4xxx/CVE-2009-4332.json +++ b/2009/4xxx/CVE-2009-4332.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" - }, - { - "name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" - }, - { - "name" : "IZ28509", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509" - }, - { - "name" : "IZ28510", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510" - }, - { - "name" : "37332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37332" - }, - { - "name" : "37759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37759" - }, - { - "name" : "ADV-2009-3520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + }, + { + "name": "IZ28509", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28509" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" + }, + { + "name": "ADV-2009-3520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3520" + }, + { + "name": "37332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37332" + }, + { + "name": "IZ28510", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28510" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" + }, + { + "name": "37759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37759" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4901.json b/2009/4xxx/CVE-2009-4901.json index 050c862e916..fa78462f3fc 100644 --- a/2009/4xxx/CVE-2009-4901.json +++ b/2009/4xxx/CVE-2009-4901.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208", - "refsource" : "CONFIRM", - "url" : "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=596426", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=596426" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-2059", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2059" - }, - { - "name" : "FEDORA-2010-10014", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html" - }, - { - "name" : "FEDORA-2010-9995", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html" - }, - { - "name" : "40758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40758" - }, - { - "name" : "40140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40140" - }, - { - "name" : "40239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40239" - }, - { - "name" : "ADV-2010-1427", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1427" - }, - { - "name" : "ADV-2010-1508", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40758" + }, + { + "name": "DSA-2059", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2059" + }, + { + "name": "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208", + "refsource": "CONFIRM", + "url": "http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208" + }, + { + "name": "40239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40239" + }, + { + "name": "40140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40140" + }, + { + "name": "ADV-2010-1427", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1427" + }, + { + "name": "FEDORA-2010-9995", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042900.html" + }, + { + "name": "ADV-2010-1508", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1508" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=596426", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" + }, + { + "name": "FEDORA-2010-10014", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042921.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2086.json b/2012/2xxx/CVE-2012-2086.json index 4c3db12d7d7..1ab167bdf36 100644 --- a/2012/2xxx/CVE-2012-2086.json +++ b/2012/2xxx/CVE-2012-2086.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/08/1" - }, - { - "name" : "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/08/2" - }, - { - "name" : "https://trac.gajim.org/changeset/988e38ce0e0c", - "refsource" : "CONFIRM", - "url" : "https://trac.gajim.org/changeset/988e38ce0e0c" - }, - { - "name" : "https://trac.gajim.org/ticket/7034", - "refsource" : "CONFIRM", - "url" : "https://trac.gajim.org/ticket/7034" - }, - { - "name" : "GLSA-201208-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201208-04.xml" - }, - { - "name" : "52943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52943" - }, - { - "name" : "48708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48708" - }, - { - "name" : "48794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac.gajim.org/changeset/988e38ce0e0c", + "refsource": "CONFIRM", + "url": "https://trac.gajim.org/changeset/988e38ce0e0c" + }, + { + "name": "https://trac.gajim.org/ticket/7034", + "refsource": "CONFIRM", + "url": "https://trac.gajim.org/ticket/7034" + }, + { + "name": "48794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48794" + }, + { + "name": "48708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48708" + }, + { + "name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" + }, + { + "name": "GLSA-201208-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" + }, + { + "name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" + }, + { + "name": "52943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52943" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2541.json b/2012/2xxx/CVE-2012-2541.json index 1b4523e7615..bf4f862bc79 100644 --- a/2012/2xxx/CVE-2012-2541.json +++ b/2012/2xxx/CVE-2012-2541.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2541", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2541", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2939.json b/2012/2xxx/CVE-2012-2939.json index 1c0d9eaea7c..51613f3ad3e 100644 --- a/2012/2xxx/CVE-2012-2939.json +++ b/2012/2xxx/CVE-2012-2939.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18871", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18871" - }, - { - "name" : "http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html", - "refsource" : "MISC", - "url" : "http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=530", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=530" - }, - { - "name" : "53500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53500" - }, - { - "name" : "81889", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81889" - }, - { - "name" : "travelonexpress-multiple-file-upload(75542)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53500" + }, + { + "name": "travelonexpress-multiple-file-upload(75542)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75542" + }, + { + "name": "81889", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81889" + }, + { + "name": "http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html", + "refsource": "MISC", + "url": "http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=530", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=530" + }, + { + "name": "18871", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18871" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2967.json b/2012/2xxx/CVE-2012-2967.json index 143e7068cbb..576f603769f 100644 --- a/2012/2xxx/CVE-2012-2967.json +++ b/2012/2xxx/CVE-2012-2967.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-2967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://caucho.com/resin-4.0/changes/changes.xtp", - "refsource" : "MISC", - "url" : "http://caucho.com/resin-4.0/changes/changes.xtp" - }, - { - "name" : "http://en.securitylab.ru/lab/", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/" - }, - { - "name" : "http://en.securitylab.ru/lab/PT-2012-05", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2012-05" - }, - { - "name" : "VU#309979", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/309979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#309979", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/309979" + }, + { + "name": "http://en.securitylab.ru/lab/", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/" + }, + { + "name": "http://en.securitylab.ru/lab/PT-2012-05", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2012-05" + }, + { + "name": "http://caucho.com/resin-4.0/changes/changes.xtp", + "refsource": "MISC", + "url": "http://caucho.com/resin-4.0/changes/changes.xtp" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0847.json b/2015/0xxx/CVE-2015-0847.json index 604b55583a8..9e1962278b1 100644 --- a/2015/0xxx/CVE-2015-0847.json +++ b/2015/0xxx/CVE-2015-0847.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-0847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Nbd] 20150507 [PATCH] nbd-server: fix unsafe signal handling", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/p/nbd/mailman/message/34091218/" - }, - { - "name" : "[oss-security] 20150507 CVE-2015-0847 in nbd-server", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/05/07/9" - }, - { - "name" : "http://sourceforge.net/projects/nbd/files/nbd/3.11/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/nbd/files/nbd/3.11/" - }, - { - "name" : "DSA-3271", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3271" - }, - { - "name" : "openSUSE-SU-2015:0994", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00003.html" - }, - { - "name" : "USN-2676-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2676-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3271", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3271" + }, + { + "name": "[Nbd] 20150507 [PATCH] nbd-server: fix unsafe signal handling", + "refsource": "MLIST", + "url": "http://sourceforge.net/p/nbd/mailman/message/34091218/" + }, + { + "name": "USN-2676-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2676-1" + }, + { + "name": "openSUSE-SU-2015:0994", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00003.html" + }, + { + "name": "http://sourceforge.net/projects/nbd/files/nbd/3.11/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/nbd/files/nbd/3.11/" + }, + { + "name": "[oss-security] 20150507 CVE-2015-0847 in nbd-server", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/05/07/9" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0937.json b/2015/0xxx/CVE-2015-0937.json index 5151dd24d35..24644fd73f9 100644 --- a/2015/0xxx/CVE-2015-0937.json +++ b/2015/0xxx/CVE-2015-0937.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-0937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bto.bluecoat.com/security-advisory/sa94", - "refsource" : "CONFIRM", - "url" : "https://bto.bluecoat.com/security-advisory/sa94" - }, - { - "name" : "VU#274244", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/274244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bto.bluecoat.com/security-advisory/sa94", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa94" + }, + { + "name": "VU#274244", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/274244" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0949.json b/2015/0xxx/CVE-2015-0949.json index e0578f48048..bf6beaa0d29 100644 --- a/2015/0xxx/CVE-2015-0949.json +++ b/2015/0xxx/CVE-2015-0949.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0949", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0949", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1022.json b/2015/1xxx/CVE-2015-1022.json index 4298e70a9f3..964f5c94a1e 100644 --- a/2015/1xxx/CVE-2015-1022.json +++ b/2015/1xxx/CVE-2015-1022.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1022", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1022", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1173.json b/2015/1xxx/CVE-2015-1173.json index 6301e57995d..4e2693e6af3 100644 --- a/2015/1xxx/CVE-2015-1173.json +++ b/2015/1xxx/CVE-2015-1173.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted \"received parameters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150818 UNIT4TETA TETA WEB - Authorization Bypass vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Aug/68" - }, - { - "name" : "http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted \"received parameters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150818 UNIT4TETA TETA WEB - Authorization Bypass vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Aug/68" + }, + { + "name": "http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1273.json b/2015/1xxx/CVE-2015-1273.json index 31e7b89a134..c1fb9cf4ad3 100644 --- a/2015/1xxx/CVE-2015-1273.json +++ b/2015/1xxx/CVE-2015-1273.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=459215", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=459215" - }, - { - "name" : "https://pdfium.googlesource.com/pdfium/+/cddfde0cddbc8467e0d5fa04c30405ee257750fc", - "refsource" : "CONFIRM", - "url" : "https://pdfium.googlesource.com/pdfium/+/cddfde0cddbc8467e0d5fa04c30405ee257750fc" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pdfium.googlesource.com/pdfium/+/cddfde0cddbc8467e0d5fa04c30405ee257750fc", + "refsource": "CONFIRM", + "url": "https://pdfium.googlesource.com/pdfium/+/cddfde0cddbc8467e0d5fa04c30405ee257750fc" + }, + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=459215", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=459215" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1490.json b/2015/1xxx/CVE-2015-1490.json index ddd0429a4f9..86b39dcebd7 100644 --- a/2015/1xxx/CVE-2015-1490.json +++ b/2015/1xxx/CVE-2015-1490.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2015-1490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00" - }, - { - "name" : "76081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76081" - }, - { - "name" : "1033165", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033165", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033165" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00" + }, + { + "name": "76081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76081" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5015.json b/2015/5xxx/CVE-2015-5015.json index eb92cab10f4..d170113eb75 100644 --- a/2015/5xxx/CVE-2015-5015.json +++ b/2015/5xxx/CVE-2015-5015.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24041027", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24041027" - }, - { - "name" : "JR53970", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR53970" - }, - { - "name" : "1034104", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24041027", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24041027" + }, + { + "name": "JR53970", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR53970" + }, + { + "name": "1034104", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034104" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5113.json b/2015/5xxx/CVE-2015-5113.json index 5f1438db516..49cfe93c636 100644 --- a/2015/5xxx/CVE-2015-5113.json +++ b/2015/5xxx/CVE-2015-5113.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5114." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" - }, - { - "name" : "75739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75739" - }, - { - "name" : "1032892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, and CVE-2015-5114." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032892" + }, + { + "name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html" + }, + { + "name": "75739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75739" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5496.json b/2015/5xxx/CVE-2015-5496.json index 29f98434e32..87735a60b4b 100644 --- a/2015/5xxx/CVE-2015-5496.json +++ b/2015/5xxx/CVE-2015-5496.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2492205", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2492205" - }, - { - "name" : "74755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "74755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74755" + }, + { + "name": "https://www.drupal.org/node/2492205", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2492205" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5602.json b/2015/5xxx/CVE-2015-5602.json index b1488309646..380c5cf5f11 100644 --- a/2015/5xxx/CVE-2015-5602.json +++ b/2015/5xxx/CVE-2015-5602.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37710", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37710/" - }, - { - "name" : "http://bugzilla.sudo.ws/show_bug.cgi?id=707", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.sudo.ws/show_bug.cgi?id=707" - }, - { - "name" : "http://www.sudo.ws/stable.html#1.8.15", - "refsource" : "CONFIRM", - "url" : "http://www.sudo.ws/stable.html#1.8.15" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3440", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3440" - }, - { - "name" : "FEDORA-2015-386863df8a", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html" - }, - { - "name" : "FEDORA-2015-6a267387c0", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html" - }, - { - "name" : "GLSA-201606-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-13" - }, - { - "name" : "1034392", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.sudo.ws/show_bug.cgi?id=707", + "refsource": "CONFIRM", + "url": "http://bugzilla.sudo.ws/show_bug.cgi?id=707" + }, + { + "name": "http://www.sudo.ws/stable.html#1.8.15", + "refsource": "CONFIRM", + "url": "http://www.sudo.ws/stable.html#1.8.15" + }, + { + "name": "1034392", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034392" + }, + { + "name": "DSA-3440", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3440" + }, + { + "name": "GLSA-201606-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-13" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "FEDORA-2015-386863df8a", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html" + }, + { + "name": "37710", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37710/" + }, + { + "name": "FEDORA-2015-6a267387c0", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5732.json b/2015/5xxx/CVE-2015-5732.json index e9ceaf6ebdb..2827b806083 100644 --- a/2015/5xxx/CVE-2015-5732.json +++ b/2015/5xxx/CVE-2015-5732.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/08/04/7" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8131", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8131" - }, - { - "name" : "https://codex.wordpress.org/Version_4.2.4", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.2.4" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/33529", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/33529" - }, - { - "name" : "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/" - }, - { - "name" : "DSA-3332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3332" - }, - { - "name" : "DSA-3383", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3383" - }, - { - "name" : "76160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76160" - }, - { - "name" : "1033178", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/" + }, + { + "name": "76160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76160" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8131", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8131" + }, + { + "name": "[oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/08/04/7" + }, + { + "name": "1033178", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033178" + }, + { + "name": "https://core.trac.wordpress.org/changeset/33529", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/33529" + }, + { + "name": "DSA-3332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3332" + }, + { + "name": "https://codex.wordpress.org/Version_4.2.4", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.2.4" + }, + { + "name": "DSA-3383", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3383" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11416.json b/2018/11xxx/CVE-2018-11416.json index 9e0af9b887e..5e7ff6a3be4 100644 --- a/2018/11xxx/CVE-2018-11416.json +++ b/2018/11xxx/CVE-2018-11416.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/tjko/jpegoptim/blob/master/README", - "refsource" : "MISC", - "url" : "https://github.com/tjko/jpegoptim/blob/master/README" - }, - { - "name" : "https://github.com/tjko/jpegoptim/issues/57", - "refsource" : "MISC", - "url" : "https://github.com/tjko/jpegoptim/issues/57" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tjko/jpegoptim/blob/master/README", + "refsource": "MISC", + "url": "https://github.com/tjko/jpegoptim/blob/master/README" + }, + { + "name": "https://github.com/tjko/jpegoptim/issues/57", + "refsource": "MISC", + "url": "https://github.com/tjko/jpegoptim/issues/57" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11718.json b/2018/11xxx/CVE-2018-11718.json index e9d3d2c9ad8..6d56437bc29 100644 --- a/2018/11xxx/CVE-2018-11718.json +++ b/2018/11xxx/CVE-2018-11718.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xovis.com/security/xovis-sec-2018-001.html", - "refsource" : "CONFIRM", - "url" : "https://xovis.com/security/xovis-sec-2018-001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xovis.com/security/xovis-sec-2018-001.html", + "refsource": "CONFIRM", + "url": "https://xovis.com/security/xovis-sec-2018-001.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11996.json b/2018/11xxx/CVE-2018-11996.json index 0ad71f19227..7bcaba656e1 100644 --- a/2018/11xxx/CVE-2018-11996.json +++ b/2018/11xxx/CVE-2018-11996.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in Storage" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "105838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in Storage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "105838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105838" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3592.json b/2018/3xxx/CVE-2018-3592.json index cc2444ad7e9..12525859441 100644 --- a/2018/3xxx/CVE-2018-3592.json +++ b/2018/3xxx/CVE-2018-3592.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2018-3592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, added a change to check if the pointer has been reset to NULL or not, before writing to the memory pointed by the pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in MMCP" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2018-3592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, added a change to check if the pointer has been reset to NULL or not, before writing to the memory pointed by the pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in MMCP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3995.json b/2018/3xxx/CVE-2018-3995.json index ae4e4b648fb..081b7a0982f 100644 --- a/2018/3xxx/CVE-2018-3995.json +++ b/2018/3xxx/CVE-2018-3995.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0663", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0663" - }, - { - "name" : "1041769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0663", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0663" + }, + { + "name": "1041769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041769" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6443.json b/2018/6xxx/CVE-2018-6443.json index cc083e137fe..81ead6b1063 100644 --- a/2018/6xxx/CVE-2018-6443.json +++ b/2018/6xxx/CVE-2018-6443.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "ID" : "CVE-2018-6443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade Network Advisor", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 14.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Hard-coded Credentials" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "ID": "CVE-2018-6443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade Network Advisor", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 14.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-743" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6644.json b/2018/6xxx/CVE-2018-6644.json index 1cd5904d993..b053e8403ef 100644 --- a/2018/6xxx/CVE-2018-6644.json +++ b/2018/6xxx/CVE-2018-6644.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180207 Fwe: [scr459004] sfcb - 1.4.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/02/07/1" - }, - { - "name" : "103041", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20180207 Fwe: [scr459004] sfcb - 1.4.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/02/07/1" + }, + { + "name": "103041", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103041" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7081.json b/2018/7xxx/CVE-2018-7081.json index 6e6d345538b..e876706cc4f 100644 --- a/2018/7xxx/CVE-2018-7081.json +++ b/2018/7xxx/CVE-2018-7081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7136.json b/2018/7xxx/CVE-2018-7136.json index fc7fb9f425f..9186bc92826 100644 --- a/2018/7xxx/CVE-2018-7136.json +++ b/2018/7xxx/CVE-2018-7136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7368.json b/2018/7xxx/CVE-2018-7368.json index 1dff5746897..a416b817e66 100644 --- a/2018/7xxx/CVE-2018-7368.json +++ b/2018/7xxx/CVE-2018-7368.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7368", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7368", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7373.json b/2018/7xxx/CVE-2018-7373.json index 1e510f12cc8..0cea0ae0105 100644 --- a/2018/7xxx/CVE-2018-7373.json +++ b/2018/7xxx/CVE-2018-7373.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7373", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7373", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7480.json b/2018/7xxx/CVE-2018-7480.json index 20280262429..e481a2b2458 100644 --- a/2018/7xxx/CVE-2018-7480.json +++ b/2018/7xxx/CVE-2018-7480.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258" - }, - { - "name" : "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258" - }, - { - "name" : "DSA-4188", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4188" - }, - { - "name" : "USN-3654-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3654-1/" - }, - { - "name" : "USN-3654-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3654-2/" - }, - { - "name" : "USN-3656-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3656-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258" + }, + { + "name": "USN-3654-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3654-1/" + }, + { + "name": "DSA-4188", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4188" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258" + }, + { + "name": "USN-3654-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3654-2/" + }, + { + "name": "USN-3656-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3656-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7498.json b/2018/7xxx/CVE-2018-7498.json index d9df696de7b..adedaea7af2 100644 --- a/2018/7xxx/CVE-2018-7498.json +++ b/2018/7xxx/CVE-2018-7498.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-03-27T00:00:00", - "ID" : "CVE-2018-7498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Philips Alice 6 System", - "version" : { - "version_data" : [ - { - "version_value" : "Version R8.0.2 or prior." - } - ] - } - } - ] - }, - "vendor_name" : "Philips" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-03-27T00:00:00", + "ID": "CVE-2018-7498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Philips Alice 6 System", + "version": { + "version_data": [ + { + "version_value": "Version R8.0.2 or prior." + } + ] + } + } + ] + }, + "vendor_name": "Philips" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01" - }, - { - "name" : "103537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01" + }, + { + "name": "103537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103537" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7921.json b/2018/7xxx/CVE-2018-7921.json index 75607684e6c..e128b38b7e4 100644 --- a/2018/7xxx/CVE-2018-7921.json +++ b/2018/7xxx/CVE-2018-7921.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2018-7921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "B315s-22", - "version" : { - "version_data" : [ - { - "version_value" : "21.318.01.00.26" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2018-7921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "B315s-22", + "version": { + "version_data": [ + { + "version_value": "21.318.01.00.26" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45971", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45971/" - }, - { - "name" : "https://www.huawei.com/en/psirt/security-notices/huawei-sn-20180903-01-b315s-en", - "refsource" : "CONFIRM", - "url" : "https://www.huawei.com/en/psirt/security-notices/huawei-sn-20180903-01-b315s-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45971", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45971/" + }, + { + "name": "https://www.huawei.com/en/psirt/security-notices/huawei-sn-20180903-01-b315s-en", + "refsource": "CONFIRM", + "url": "https://www.huawei.com/en/psirt/security-notices/huawei-sn-20180903-01-b315s-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8129.json b/2018/8xxx/CVE-2018-8129.json index 6385376a6f9..086ea3e0155 100644 --- a/2018/8xxx/CVE-2018-8129.json +++ b/2018/8xxx/CVE-2018-8129.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8129", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8129" - }, - { - "name" : "104065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104065" - }, - { - "name" : "1040849", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040849" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8129", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8129" + }, + { + "name": "104065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104065" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8290.json b/2018/8xxx/CVE-2018-8290.json index 5e000f64ce8..48baaf11ccf 100644 --- a/2018/8xxx/CVE-2018-8290.json +++ b/2018/8xxx/CVE-2018-8290.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8290", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8290" - }, - { - "name" : "104644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104644" - }, - { - "name" : "1041256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041256" + }, + { + "name": "104644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104644" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8290", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8290" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8405.json b/2018/8xxx/CVE-2018-8405.json index a51246a7543..26211e456ca 100644 --- a/2018/8xxx/CVE-2018-8405.json +++ b/2018/8xxx/CVE-2018-8405.json @@ -1,155 +1,155 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405" - }, - { - "name" : "105011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105011" - }, - { - "name" : "1041461", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105011" + }, + { + "name": "1041461", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041461" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8482.json b/2018/8xxx/CVE-2018-8482.json index c4eb564c6db..a11051e7989 100644 --- a/2018/8xxx/CVE-2018-8482.json +++ b/2018/8xxx/CVE-2018-8482.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka \"Windows Media Player Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8482", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8482" - }, - { - "name" : "105469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105469" - }, - { - "name" : "1041829", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka \"Windows Media Player Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105469" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8482", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8482" + }, + { + "name": "1041829", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041829" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8529.json b/2018/8xxx/CVE-2018-8529.json index 252acc568f5..a55bac65ac4 100644 --- a/2018/8xxx/CVE-2018-8529.json +++ b/2018/8xxx/CVE-2018-8529.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Team", - "version" : { - "version_data" : [ - { - "version_value" : "Foundation Server 2018 Update 1.1" - }, - { - "version_value" : "Foundation Server 2018 Update 3" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Team", + "version": { + "version_data": [ + { + "version_value": "Foundation Server 2018 Update 1.1" + }, + { + "version_value": "Foundation Server 2018 Update 3" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529" - }, - { - "name" : "105910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka \"Team Foundation Server Remote Code Execution Vulnerability.\" This affects Team." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8529" + }, + { + "name": "105910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105910" + } + ] + } +} \ No newline at end of file