From 99ade1d47db7f952c26e36eb92adf52d13b53611 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:06:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0662.json | 170 ++++++------- 2002/0xxx/CVE-2002-0734.json | 150 ++++++------ 2002/0xxx/CVE-2002-0938.json | 150 ++++++------ 2002/0xxx/CVE-2002-0949.json | 140 +++++------ 2002/2xxx/CVE-2002-2204.json | 140 +++++------ 2002/2xxx/CVE-2002-2211.json | 220 ++++++++--------- 2005/0xxx/CVE-2005-0340.json | 150 ++++++------ 2005/0xxx/CVE-2005-0373.json | 190 +++++++-------- 2005/0xxx/CVE-2005-0649.json | 130 +++++----- 2005/0xxx/CVE-2005-0817.json | 180 +++++++------- 2005/1xxx/CVE-2005-1400.json | 120 ++++----- 2005/1xxx/CVE-2005-1453.json | 150 ++++++------ 2005/1xxx/CVE-2005-1708.json | 170 ++++++------- 2009/0xxx/CVE-2009-0039.json | 180 +++++++------- 2009/0xxx/CVE-2009-0052.json | 170 ++++++------- 2009/0xxx/CVE-2009-0406.json | 150 ++++++------ 2009/0xxx/CVE-2009-0784.json | 190 +++++++-------- 2009/1xxx/CVE-2009-1199.json | 34 +-- 2009/1xxx/CVE-2009-1390.json | 170 ++++++------- 2009/1xxx/CVE-2009-1544.json | 140 +++++------ 2009/1xxx/CVE-2009-1573.json | 190 +++++++-------- 2009/1xxx/CVE-2009-1759.json | 250 +++++++++---------- 2009/1xxx/CVE-2009-1848.json | 130 +++++----- 2009/1xxx/CVE-2009-1994.json | 160 ++++++------ 2012/2xxx/CVE-2012-2017.json | 140 +++++------ 2012/2xxx/CVE-2012-2049.json | 140 +++++------ 2012/2xxx/CVE-2012-2625.json | 260 ++++++++++---------- 2012/3xxx/CVE-2012-3143.json | 430 ++++++++++++++++----------------- 2012/3xxx/CVE-2012-3198.json | 150 ++++++------ 2012/3xxx/CVE-2012-3255.json | 140 +++++------ 2012/3xxx/CVE-2012-3441.json | 190 +++++++-------- 2012/4xxx/CVE-2012-4348.json | 140 +++++------ 2012/6xxx/CVE-2012-6521.json | 130 +++++----- 2015/5xxx/CVE-2015-5161.json | 210 ++++++++-------- 2017/2xxx/CVE-2017-2215.json | 140 +++++------ 2017/2xxx/CVE-2017-2740.json | 122 +++++----- 2017/2xxx/CVE-2017-2758.json | 34 +-- 2018/11xxx/CVE-2018-11062.json | 144 +++++------ 2018/11xxx/CVE-2018-11092.json | 140 +++++------ 2018/11xxx/CVE-2018-11317.json | 34 +-- 2018/11xxx/CVE-2018-11844.json | 34 +-- 2018/14xxx/CVE-2018-14196.json | 34 +-- 2018/14xxx/CVE-2018-14350.json | 220 ++++++++--------- 2018/14xxx/CVE-2018-14532.json | 120 ++++----- 2018/14xxx/CVE-2018-14644.json | 156 ++++++------ 2018/14xxx/CVE-2018-14867.json | 34 +-- 2018/15xxx/CVE-2018-15102.json | 34 +-- 2018/15xxx/CVE-2018-15125.json | 128 +++++----- 2018/15xxx/CVE-2018-15644.json | 34 +-- 2018/20xxx/CVE-2018-20233.json | 134 +++++----- 2018/8xxx/CVE-2018-8112.json | 200 +++++++-------- 2018/8xxx/CVE-2018-8163.json | 140 +++++------ 2018/8xxx/CVE-2018-8871.json | 132 +++++----- 53 files changed, 3884 insertions(+), 3884 deletions(-) diff --git a/2002/0xxx/CVE-2002-0662.json b/2002/0xxx/CVE-2002-0662.json index 70628c26e90..d5d5218b375 100644 --- a/2002/0xxx/CVE-2002-0662.json +++ b/2002/0xxx/CVE-2002-0662.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020902 The ScrollKeeper Root Trap", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103098575826031&w=2" - }, - { - "name" : "DSA-160", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-160" - }, - { - "name" : "RHSA-2002:186", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-186.html" - }, - { - "name" : "20020904 GLSA: scrollkeeper", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103115387102294&w=2" - }, - { - "name" : "scrollkeeper-tmp-file-symlink(10002)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10002.php" - }, - { - "name" : "5602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5602" + }, + { + "name": "scrollkeeper-tmp-file-symlink(10002)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10002.php" + }, + { + "name": "DSA-160", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-160" + }, + { + "name": "20020904 GLSA: scrollkeeper", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103115387102294&w=2" + }, + { + "name": "RHSA-2002:186", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-186.html" + }, + { + "name": "20020902 The ScrollKeeper Root Trap", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103098575826031&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0734.json b/2002/0xxx/CVE-2002-0734.json index 3c3a150ab5b..f387a95c43f 100644 --- a/2002/0xxx/CVE-2002-0734.json +++ b/2002/0xxx/CVE-2002-0734.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020506 b2 php remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html" - }, - { - "name" : "http://cafelog.com/", - "refsource" : "CONFIRM", - "url" : "http://cafelog.com/" - }, - { - "name" : "4673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4673" - }, - { - "name" : "b2-b2inc-command-execution(9013)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9013.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cafelog.com/", + "refsource": "CONFIRM", + "url": "http://cafelog.com/" + }, + { + "name": "4673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4673" + }, + { + "name": "b2-b2inc-command-execution(9013)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9013.php" + }, + { + "name": "20020506 b2 php remote command execution", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0938.json b/2002/0xxx/CVE-2002-0938.json index e137d3ccfe3..41522b82e80 100644 --- a/2002/0xxx/CVE-2002-0938.json +++ b/2002/0xxx/CVE-2002-0938.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020614 XSS in CiscoSecure ACS v3.0", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html" - }, - { - "name" : "20020621 Re: XSS in CiscoSecure ACS v3.0", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/278222" - }, - { - "name" : "5026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5026" - }, - { - "name" : "ciscosecure-web-css(9353)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9353.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscosecure-web-css(9353)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9353.php" + }, + { + "name": "20020614 XSS in CiscoSecure ACS v3.0", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html" + }, + { + "name": "20020621 Re: XSS in CiscoSecure ACS v3.0", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/278222" + }, + { + "name": "5026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5026" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0949.json b/2002/0xxx/CVE-2002-0949.json index 783e6f4f4eb..0bcc8cfd15b 100644 --- a/2002/0xxx/CVE-2002-0949.json +++ b/2002/0xxx/CVE-2002-0949.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020605 Some vulnerabilities in the Telindus 11xx router series", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html" - }, - { - "name" : "4946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4946" - }, - { - "name" : "telindus-adsl-information-leak(9277)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9277.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4946" + }, + { + "name": "telindus-adsl-information-leak(9277)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9277.php" + }, + { + "name": "20020605 Some vulnerabilities in the Telindus 11xx router series", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2204.json b/2002/2xxx/CVE-2002-2204.json index 91cad354c0b..39a2043e12a 100644 --- a/2002/2xxx/CVE-2002-2204.json +++ b/2002/2xxx/CVE-2002-2204.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020829 RPM verification", - "refsource" : "FULLDISC", - "url" : "http://lists.netsys.com/pipermail/full-disclosure/2002-August/001167.html" - }, - { - "name" : "5594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5594" - }, - { - "name" : "rpm-improper-sig-verification(10011)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10011.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5594" + }, + { + "name": "rpm-improper-sig-verification(10011)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10011.php" + }, + { + "name": "20020829 RPM verification", + "refsource": "FULLDISC", + "url": "http://lists.netsys.com/pipermail/full-disclosure/2002-August/001167.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2211.json b/2002/2xxx/CVE-2002-2211.json index 9d68a009385..20228ceda5e 100644 --- a/2002/2xxx/CVE-2002-2211.json +++ b/2002/2xxx/CVE-2002-2211.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html", - "refsource" : "MISC", - "url" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html" - }, - { - "name" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf", - "refsource" : "MISC", - "url" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP" - }, - { - "name" : "2002-11-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html" - }, - { - "name" : "VU#457875", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/457875" - }, - { - "name" : "HPSBUX02117", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434523/100/0/threaded" - }, - { - "name" : "SSRT2400", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434523/100/0/threaded" - }, - { - "name" : "ADV-2006-1923", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1923" - }, - { - "name" : "20217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20217" + }, + { + "name": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf", + "refsource": "MISC", + "url": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf" + }, + { + "name": "HPSBUX02117", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434523/100/0/threaded" + }, + { + "name": "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP" + }, + { + "name": "VU#457875", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/457875" + }, + { + "name": "SSRT2400", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434523/100/0/threaded" + }, + { + "name": "ADV-2006-1923", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1923" + }, + { + "name": "2002-11-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html" + }, + { + "name": "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U" + }, + { + "name": "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ" + }, + { + "name": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html", + "refsource": "MISC", + "url": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0340.json b/2005/0xxx/CVE-2005-0340.json index d39f8ba97b5..22aff5b73fb 100644 --- a/2005/0xxx/CVE-2005-0340.json +++ b/2005/0xxx/CVE-2005-0340.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050208 AppleFileServer Denial of Service.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110791369419784&w=2" - }, - { - "name" : "APPLE-SA-2005-03-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" - }, - { - "name" : "12478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12478" - }, - { - "name" : "Applefileserver-fploginext-dos(19263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050208 AppleFileServer Denial of Service.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110791369419784&w=2" + }, + { + "name": "12478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12478" + }, + { + "name": "APPLE-SA-2005-03-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" + }, + { + "name": "Applefileserver-fploginext-dos(19263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19263" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0373.json b/2005/0xxx/CVE-2005-0373.json index 66ae793652f..52d92c5e927 100644 --- a/2005/0xxx/CVE-2005-0373.json +++ b/2005/0xxx/CVE-2005-0373.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup" - }, - { - "name" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171" - }, - { - "name" : "[openbsd-ports] 20040717 UPDATE: cyrus-sasl-2.1.19", - "refsource" : "MLIST", - "url" : "http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html" - }, - { - "name" : "GLSA-200410-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml" - }, - { - "name" : "MDKSA-2005:054", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:054" - }, - { - "name" : "SUSE-SR:2005:006", - "refsource" : "SUSE", - "url" : "http://www.linuxcompatible.org/print42495.html" - }, - { - "name" : "11347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11347" - }, - { - "name" : "cyrus-sasl-digestmda5-bo(17642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2005:006", + "refsource": "SUSE", + "url": "http://www.linuxcompatible.org/print42495.html" + }, + { + "name": "MDKSA-2005:054", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:054" + }, + { + "name": "[openbsd-ports] 20040717 UPDATE: cyrus-sasl-2.1.19", + "refsource": "MLIST", + "url": "http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html" + }, + { + "name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup", + "refsource": "CONFIRM", + "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup" + }, + { + "name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171", + "refsource": "CONFIRM", + "url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171" + }, + { + "name": "11347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11347" + }, + { + "name": "GLSA-200410-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml" + }, + { + "name": "cyrus-sasl-digestmda5-bo(17642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17642" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0649.json b/2005/0xxx/CVE-2005-0649.json index aab9c946f03..429c83aeeeb 100644 --- a/2005/0xxx/CVE-2005-0649.json +++ b/2005/0xxx/CVE-2005-0649.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via \"hexadecimal HTML entities.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pixel-apes.com/safehtml/feed", - "refsource" : "CONFIRM", - "url" : "http://pixel-apes.com/safehtml/feed" - }, - { - "name" : "13869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via \"hexadecimal HTML entities.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13869" + }, + { + "name": "http://pixel-apes.com/safehtml/feed", + "refsource": "CONFIRM", + "url": "http://pixel-apes.com/safehtml/feed" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0817.json b/2005/0xxx/CVE-2005-0817.json index d227c1b0d40..f5bb226ca85 100644 --- a/2005/0xxx/CVE-2005-0817.json +++ b/2005/0xxx/CVE-2005-0817.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040615 Symantec Enterprise Firewall DNSD cache poisoning Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html" - }, - { - "name" : "http://www.isc.sans.org/diary.php?date=2005-03-04", - "refsource" : "MISC", - "url" : "http://www.isc.sans.org/diary.php?date=2005-03-04" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html" - }, - { - "name" : "1013451", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013451" - }, - { - "name" : "14595", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14595" - }, - { - "name" : "sef-dns-spoofing(16423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16423" - }, - { - "name" : "symantec-dnsdproxy-redirect(44530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sef-dns-spoofing(16423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16423" + }, + { + "name": "http://www.isc.sans.org/diary.php?date=2005-03-04", + "refsource": "MISC", + "url": "http://www.isc.sans.org/diary.php?date=2005-03-04" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html" + }, + { + "name": "symantec-dnsdproxy-redirect(44530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44530" + }, + { + "name": "1013451", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013451" + }, + { + "name": "20040615 Symantec Enterprise Firewall DNSD cache poisoning Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html" + }, + { + "name": "14595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14595" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1400.json b/2005/1xxx/CVE-2005-1400.json index 8b3bb576ec1..962fcc923d2 100644 --- a/2005/1xxx/CVE-2005-1400.json +++ b/2005/1xxx/CVE-2005-1400.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-05:07", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-05:07", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1453.json b/2005/1xxx/CVE-2005-1453.json index 5c6923f2840..0168dff258c 100644 --- a/2005/1xxx/CVE-2005-1453.json +++ b/2005/1xxx/CVE-2005-1453.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt", - "refsource" : "CONFIRM", - "url" : "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt" - }, - { - "name" : "20050504 leafnode security announcement leafnode-SA-2005-01", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html" - }, - { - "name" : "ADV-2005-0468", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0468" - }, - { - "name" : "15252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt", + "refsource": "CONFIRM", + "url": "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt" + }, + { + "name": "ADV-2005-0468", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0468" + }, + { + "name": "20050504 leafnode security announcement leafnode-SA-2005-01", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html" + }, + { + "name": "15252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15252" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1708.json b/2005/1xxx/CVE-2005-1708.json index 7f590509c33..0113f7af49d 100644 --- a/2005/1xxx/CVE-2005-1708.json +++ b/2005/1xxx/CVE-2005-1708.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050524 Blue Coat Reporter multiple remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111695726810435&w=2" - }, - { - "name" : "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html", - "refsource" : "CONFIRM", - "url" : "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html" - }, - { - "name" : "13723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13723" - }, - { - "name" : "ADV-2005-0589", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0589" - }, - { - "name" : "16763", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16763" - }, - { - "name" : "15452", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15452", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15452" + }, + { + "name": "20050524 Blue Coat Reporter multiple remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111695726810435&w=2" + }, + { + "name": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html", + "refsource": "CONFIRM", + "url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html" + }, + { + "name": "16763", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16763" + }, + { + "name": "13723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13723" + }, + { + "name": "ADV-2005-0589", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0589" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0039.json b/2009/0xxx/CVE-2009-0039.json index 04943c8bc2e..06674234621 100644 --- a/2009/0xxx/CVE-2009-0039.json +++ b/2009/0xxx/CVE-2009-0039.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090416 [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502735/100/0/threaded" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=120", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=120" - }, - { - "name" : "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214" - }, - { - "name" : "http://issues.apache.org/jira/browse/GERONIMO-4597", - "refsource" : "CONFIRM", - "url" : "http://issues.apache.org/jira/browse/GERONIMO-4597" - }, - { - "name" : "34562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34562" - }, - { - "name" : "34715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34715" - }, - { - "name" : "ADV-2009-1089", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214" + }, + { + "name": "ADV-2009-1089", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1089" + }, + { + "name": "34562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34562" + }, + { + "name": "http://issues.apache.org/jira/browse/GERONIMO-4597", + "refsource": "CONFIRM", + "url": "http://issues.apache.org/jira/browse/GERONIMO-4597" + }, + { + "name": "34715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34715" + }, + { + "name": "20090416 [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502735/100/0/threaded" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=120", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=120" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0052.json b/2009/0xxx/CVE-2009-0052.json index 94fe73cf157..6d30b1fff0d 100644 --- a/2009/0xxx/CVE-2009-0052.json +++ b/2009/0xxx/CVE-2009-0052.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091110 Atheros Driver Reserved Frame Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507777/100/0/threaded" - }, - { - "name" : "36991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36991" - }, - { - "name" : "59880", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59880" - }, - { - "name" : "37344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37344" - }, - { - "name" : "ADV-2009-3212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3212" - }, - { - "name" : "netgear-wndap330-frame-dos(54216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36991" + }, + { + "name": "20091110 Atheros Driver Reserved Frame Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded" + }, + { + "name": "ADV-2009-3212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3212" + }, + { + "name": "37344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37344" + }, + { + "name": "59880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59880" + }, + { + "name": "netgear-wndap330-frame-dos(54216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0406.json b/2009/0xxx/CVE-2009-0406.json index 4552c4aadb3..e558c420e94 100644 --- a/2009/0xxx/CVE-2009-0406.json +++ b/2009/0xxx/CVE-2009-0406.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7892", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7892" - }, - { - "name" : "33484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33484" - }, - { - "name" : "ADV-2009-0265", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0265" - }, - { - "name" : "communitycms-index-sql-injection(48304)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7892", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7892" + }, + { + "name": "33484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33484" + }, + { + "name": "communitycms-index-sql-injection(48304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48304" + }, + { + "name": "ADV-2009-0265", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0265" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0784.json b/2009/0xxx/CVE-2009-0784.json index 7eb4164323b..25d4457184a 100644 --- a/2009/0xxx/CVE-2009-0784.json +++ b/2009/0xxx/CVE-2009-0784.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm" - }, - { - "name" : "DSA-1755", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1755" - }, - { - "name" : "RHSA-2009:0373", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0373.html" - }, - { - "name" : "oval:org.mitre.oval:def:11613", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613" - }, - { - "name" : "34441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34441" - }, - { - "name" : "34479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34479" - }, - { - "name" : "34548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34548" - }, - { - "name" : "ADV-2009-0907", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1755", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1755" + }, + { + "name": "34479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34479" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm" + }, + { + "name": "oval:org.mitre.oval:def:11613", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613" + }, + { + "name": "RHSA-2009:0373", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0373.html" + }, + { + "name": "34548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34548" + }, + { + "name": "ADV-2009-0907", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0907" + }, + { + "name": "34441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34441" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1199.json b/2009/1xxx/CVE-2009-1199.json index 7e5751b9077..a7a49fc0192 100644 --- a/2009/1xxx/CVE-2009-1199.json +++ b/2009/1xxx/CVE-2009-1199.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1199", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1199", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1390.json b/2009/1xxx/CVE-2009-1390.json index 5120371518e..935ac889d28 100644 --- a/2009/1xxx/CVE-2009-1390.json +++ b/2009/1xxx/CVE-2009-1390.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/06/10/2" - }, - { - "name" : "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a", - "refsource" : "CONFIRM", - "url" : "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" - }, - { - "name" : "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770", - "refsource" : "CONFIRM", - "url" : "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" - }, - { - "name" : "FEDORA-2009-6465", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" - }, - { - "name" : "35288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35288" - }, - { - "name" : "mutt-x509-security-bypass(51068)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35288" + }, + { + "name": "FEDORA-2009-6465", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" + }, + { + "name": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a", + "refsource": "CONFIRM", + "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" + }, + { + "name": "mutt-x509-security-bypass(51068)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" + }, + { + "name": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770", + "refsource": "CONFIRM", + "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" + }, + { + "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1544.json b/2009/1xxx/CVE-2009-1544.json index adbe6538192..6862a3a13a9 100644 --- a/2009/1xxx/CVE-2009-1544.json +++ b/2009/1xxx/CVE-2009-1544.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka \"Workstation Service Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-041" - }, - { - "name" : "TA09-223A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6286", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka \"Workstation Service Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA09-223A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" + }, + { + "name": "MS09-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-041" + }, + { + "name": "oval:org.mitre.oval:def:6286", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6286" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1573.json b/2009/1xxx/CVE-2009-1573.json index 684e2bc3414..ac96b92fc59 100644 --- a/2009/1xxx/CVE-2009-1573.json +++ b/2009/1xxx/CVE-2009-1573.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/05/2" - }, - { - "name" : "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/05/4" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678" - }, - { - "name" : "USN-939-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-939-1" - }, - { - "name" : "34828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34828" - }, - { - "name" : "39834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39834" - }, - { - "name" : "ADV-2010-1185", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1185" - }, - { - "name" : "xvfbrun-magiccookie-info-disclosure(50348)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2" + }, + { + "name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678" + }, + { + "name": "39834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39834" + }, + { + "name": "34828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34828" + }, + { + "name": "xvfbrun-magiccookie-info-disclosure(50348)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348" + }, + { + "name": "ADV-2010-1185", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1185" + }, + { + "name": "USN-939-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-939-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1759.json b/2009/1xxx/CVE-2009-1759.json index a28ba1525f3..a36134d813f 100644 --- a/2009/1xxx/CVE-2009-1759.json +++ b/2009/1xxx/CVE-2009-1759.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8470", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8470" - }, - { - "name" : "[oss-security] 20090520 CVE request: ctorrent", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/20/3" - }, - { - "name" : "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch", - "refsource" : "CONFIRM", - "url" : "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch" - }, - { - "name" : "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=501813", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=501813" - }, - { - "name" : "DSA-1817", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1817" - }, - { - "name" : "FEDORA-2009-8897", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01010.html" - }, - { - "name" : "FEDORA-2009-8969", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01102.html" - }, - { - "name" : "34584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34584" - }, - { - "name" : "34752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34752" - }, - { - "name" : "35499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35499" - }, - { - "name" : "36471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36471" - }, - { - "name" : "ADV-2009-1092", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1092" - }, - { - "name" : "ctorrent-btfiles-bo(49959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-8969", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01102.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=501813", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=501813" + }, + { + "name": "ADV-2009-1092", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1092" + }, + { + "name": "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch", + "refsource": "CONFIRM", + "url": "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch" + }, + { + "name": "8470", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8470" + }, + { + "name": "ctorrent-btfiles-bo(49959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49959" + }, + { + "name": "34752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34752" + }, + { + "name": "[oss-security] 20090520 CVE request: ctorrent", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/20/3" + }, + { + "name": "34584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34584" + }, + { + "name": "DSA-1817", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1817" + }, + { + "name": "FEDORA-2009-8897", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01010.html" + }, + { + "name": "36471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36471" + }, + { + "name": "35499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35499" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1848.json b/2009/1xxx/CVE-2009-1848.json index 8f928b7d44a..57e6684f57b 100644 --- a/2009/1xxx/CVE-2009-1848.json +++ b/2009/1xxx/CVE-2009-1848.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8814", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8814" - }, - { - "name" : "35118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35118" + }, + { + "name": "8814", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8814" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1994.json b/2009/1xxx/CVE-2009-1994.json index 05f4a4738fd..1f501c6756d 100644 --- a/2009/1xxx/CVE-2009-1994.json +++ b/2009/1xxx/CVE-2009-1994.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36744" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36744" + }, + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2017.json b/2012/2xxx/CVE-2012-2017.json index eb5c1ec5cdf..8dc42ae2337 100644 --- a/2012/2xxx/CVE-2012-2017.json +++ b/2012/2xxx/CVE-2012-2017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-2017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02794", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414" - }, - { - "name" : "SSRT100542", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414" - }, - { - "name" : "1027213", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI02794", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414" + }, + { + "name": "SSRT100542", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414" + }, + { + "name": "1027213", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027213" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2049.json b/2012/2xxx/CVE-2012-2049.json index 89c3c743aca..aed7391f366 100644 --- a/2012/2xxx/CVE-2012-2049.json +++ b/2012/2xxx/CVE-2012-2049.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-2049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "oval:org.mitre.oval:def:15463", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15463", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15463" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2625.json b/2012/2xxx/CVE-2012-2625.json index c21c77b9686..041feb5067f 100644 --- a/2012/2xxx/CVE-2012-2625.json +++ b/2012/2xxx/CVE-2012-2625.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/26/3" - }, - { - "name" : "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817", - "refsource" : "MISC", - "url" : "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817" - }, - { - "name" : "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe" - }, - { - "name" : "RHSA-2012:1130", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1130.html" - }, - { - "name" : "openSUSE-SU-2012:1172", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" - }, - { - "name" : "SUSE-SU-2012:1043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html" - }, - { - "name" : "SUSE-SU-2012:1044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html" - }, - { - "name" : "SUSE-SU-2012:1135", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "53650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53650" - }, - { - "name" : "1027090", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027090" - }, - { - "name" : "49184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49184" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/26/3" + }, + { + "name": "RHSA-2012:1130", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1130.html" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817", + "refsource": "MISC", + "url": "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817" + }, + { + "name": "SUSE-SU-2012:1135", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html" + }, + { + "name": "SUSE-SU-2012:1044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html" + }, + { + "name": "53650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53650" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "1027090", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027090" + }, + { + "name": "SUSE-SU-2012:1043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html" + }, + { + "name": "openSUSE-SU-2012:1174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" + }, + { + "name": "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe", + "refsource": "CONFIRM", + "url": "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + }, + { + "name": "49184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49184" + }, + { + "name": "openSUSE-SU-2012:1172", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3143.json b/2012/3xxx/CVE-2012-3143.json index 507d8143e8d..c924caf6c7e 100644 --- a/2012/3xxx/CVE-2012-3143.json +++ b/2012/3xxx/CVE-2012-3143.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620575", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620575" - }, - { - "name" : "HPSBUX02832", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "SSRT101042", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "HPSBOV02833", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "SSRT101043", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1392", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" - }, - { - "name" : "RHSA-2012:1465", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" - }, - { - "name" : "SUSE-SU-2012:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" - }, - { - "name" : "56055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56055" - }, - { - "name" : "oval:org.mitre.oval:def:16686", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16686" - }, - { - "name" : "51141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51141" - }, - { - "name" : "51315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51315" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51328" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "51438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51438" - }, - { - "name" : "javaruntimeenvironment-jmx-cve20123143(79419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" + }, + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "51315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51315" + }, + { + "name": "51438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51438" + }, + { + "name": "51141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51141" + }, + { + "name": "SSRT101043", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "56055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56055" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" + }, + { + "name": "HPSBOV02833", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "oval:org.mitre.oval:def:16686", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16686" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1392", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" + }, + { + "name": "SUSE-SU-2012:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" + }, + { + "name": "SUSE-SU-2012:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "RHSA-2012:1465", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html" + }, + { + "name": "51328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51328" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620575", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620575" + }, + { + "name": "SSRT101042", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "javaruntimeenvironment-jmx-cve20123143(79419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79419" + }, + { + "name": "HPSBUX02832", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3198.json b/2012/3xxx/CVE-2012-3198.json index 2ff6e63028c..3479a999bba 100644 --- a/2012/3xxx/CVE-2012-3198.json +++ b/2012/3xxx/CVE-2012-3198.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1027671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027671" - }, - { - "name" : "51001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51001" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "1027671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027671" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3255.json b/2012/3xxx/CVE-2012-3255.json index 824b166bd02..7621c19e68b 100644 --- a/2012/3xxx/CVE-2012-3255.json +++ b/2012/3xxx/CVE-2012-3255.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02811", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" - }, - { - "name" : "SSRT100937", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" - }, - { - "name" : "85250", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100937", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" + }, + { + "name": "HPSBMU02811", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750" + }, + { + "name": "85250", + "refsource": "OSVDB", + "url": "http://osvdb.org/85250" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3441.json b/2012/3xxx/CVE-2012-3441.json index 15370a77572..ae27f890f01 100644 --- a/2012/3xxx/CVE-2012-3441.json +++ b/2012/3xxx/CVE-2012-3441.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120730 CVE Request: icinga sample db creation scripts", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/30/6" - }, - { - "name" : "[oss-security] 20120730 Re: CVE Request: icinga sample db creation scripts", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/30/7" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=767319", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=767319" - }, - { - "name" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63", - "refsource" : "CONFIRM", - "url" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63" - }, - { - "name" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281", - "refsource" : "CONFIRM", - "url" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281" - }, - { - "name" : "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab", - "refsource" : "CONFIRM", - "url" : "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab" - }, - { - "name" : "openSUSE-SU-2012:0968", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00012.html" - }, - { - "name" : "icinga-database-sec-bypass(78874)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120730 Re: CVE Request: icinga sample db creation scripts", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/30/7" + }, + { + "name": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281", + "refsource": "CONFIRM", + "url": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281" + }, + { + "name": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63", + "refsource": "CONFIRM", + "url": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63" + }, + { + "name": "[oss-security] 20120730 CVE Request: icinga sample db creation scripts", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/30/6" + }, + { + "name": "icinga-database-sec-bypass(78874)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78874" + }, + { + "name": "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab", + "refsource": "CONFIRM", + "url": "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab" + }, + { + "name": "openSUSE-SU-2012:0968", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00012.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=767319", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=767319" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4348.json b/2012/4xxx/CVE-2012-4348.json index 80c30166c2e..c1a7096fead 100644 --- a/2012/4xxx/CVE-2012-4348.json +++ b/2012/4xxx/CVE-2012-4348.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00" - }, - { - "name" : "56846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56846" - }, - { - "name" : "1027863", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00" + }, + { + "name": "56846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56846" + }, + { + "name": "1027863", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027863" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6521.json b/2012/6xxx/CVE-2012-6521.json index 1991e84c867..b49442ec890 100644 --- a/2012/6xxx/CVE-2012-6521.json +++ b/2012/6xxx/CVE-2012-6521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html" - }, - { - "name" : "48118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html" + }, + { + "name": "48118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48118" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5161.json b/2015/5xxx/CVE-2015-5161.json index 7ec66ffec8f..9c6d1aaaf1e 100644 --- a/2015/5xxx/CVE-2015-5161.json +++ b/2015/5xxx/CVE-2015-5161.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37765/" - }, - { - "name" : "20150813 Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Aug/46" - }, - { - "name" : "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt", - "refsource" : "MISC", - "url" : "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html" - }, - { - "name" : "http://framework.zend.com/security/advisory/ZF2015-06", - "refsource" : "CONFIRM", - "url" : "http://framework.zend.com/security/advisory/ZF2015-06" - }, - { - "name" : "DSA-3340", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3340" - }, - { - "name" : "FEDORA-2015-13314", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html" - }, - { - "name" : "FEDORA-2015-13488", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html" - }, - { - "name" : "FEDORA-2015-13529", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html" - }, - { - "name" : "76177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html" + }, + { + "name": "FEDORA-2015-13488", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html" + }, + { + "name": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt", + "refsource": "MISC", + "url": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt" + }, + { + "name": "76177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76177" + }, + { + "name": "FEDORA-2015-13529", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html" + }, + { + "name": "37765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37765/" + }, + { + "name": "FEDORA-2015-13314", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html" + }, + { + "name": "DSA-3340", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3340" + }, + { + "name": "http://framework.zend.com/security/advisory/ZF2015-06", + "refsource": "CONFIRM", + "url": "http://framework.zend.com/security/advisory/ZF2015-06" + }, + { + "name": "20150813 Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Aug/46" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2215.json b/2017/2xxx/CVE-2017-2215.json index e631004d382..233ac333c02 100644 --- a/2017/2xxx/CVE-2017-2215.json +++ b/2017/2xxx/CVE-2017-2215.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of \"Setup file of advance preparation\" (jizen_setup.exe)", - "version" : { - "version_data" : [ - { - "version_value" : "(The version which was available on the website prior to 2017 June 12)" - } - ] - } - } - ] - }, - "vendor_name" : "National Tax Agency" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of \"Setup file of advance preparation\" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of \"Setup file of advance preparation\" (jizen_setup.exe)", + "version": { + "version_data": [ + { + "version_value": "(The version which was available on the website prior to 2017 June 12)" + } + ] + } + } + ] + }, + "vendor_name": "National Tax Agency" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.e-tax.nta.go.jp/topics/topics_290525.htm", - "refsource" : "MISC", - "url" : "http://www.e-tax.nta.go.jp/topics/topics_290525.htm" - }, - { - "name" : "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html", - "refsource" : "MISC", - "url" : "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html" - }, - { - "name" : "JVN#34508179", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN34508179/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of \"Setup file of advance preparation\" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#34508179", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN34508179/index.html" + }, + { + "name": "http://www.e-tax.nta.go.jp/topics/topics_290525.htm", + "refsource": "MISC", + "url": "http://www.e-tax.nta.go.jp/topics/topics_290525.htm" + }, + { + "name": "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html", + "refsource": "MISC", + "url": "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2740.json b/2017/2xxx/CVE-2017-2740.json index ebf9b7f2685..9a1e938c434 100644 --- a/2017/2xxx/CVE-2017-2740.json +++ b/2017/2xxx/CVE-2017-2740.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "hp-security-alert@hp.com", - "DATE_PUBLIC" : "2017-01-17T00:00:00", - "ID" : "CVE-2017-2740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HP ThinPro", - "version" : { - "version_data" : [ - { - "version_value" : "6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4" - } - ] - } - } - ] - }, - "vendor_name" : "HP Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "DATE_PUBLIC": "2017-01-17T00:00:00", + "ID": "CVE-2017-2740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HP ThinPro", + "version": { + "version_data": [ + { + "version_value": "6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4" + } + ] + } + } + ] + }, + "vendor_name": "HP Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF03553", - "refsource" : "HP", - "url" : "https://support.hp.com/us-en/document/c05379294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBHF03553", + "refsource": "HP", + "url": "https://support.hp.com/us-en/document/c05379294" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2758.json b/2017/2xxx/CVE-2017-2758.json index 20adb4ebd07..c63cd0db52b 100644 --- a/2017/2xxx/CVE-2017-2758.json +++ b/2017/2xxx/CVE-2017-2758.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2758", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2758", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11062.json b/2018/11xxx/CVE-2018-11062.json index 48900f96b7f..239b0fcab1e 100644 --- a/2018/11xxx/CVE-2018-11062.json +++ b/2018/11xxx/CVE-2018-11062.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-10-29T16:00:00.000Z", - "ID" : "CVE-2018-11062", - "STATE" : "PUBLIC", - "TITLE" : "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Integrated Data Protection Appliance", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "2.X", - "version_value" : "2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-10-29T16:00:00.000Z", + "ID": "CVE-2018-11062", + "STATE": "PUBLIC", + "TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Integrated Data Protection Appliance", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.X", + "version_value": "2.3" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Oct/53" - }, - { - "name" : "105764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105764" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Oct/53" + }, + { + "name": "105764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105764" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11092.json b/2018/11xxx/CVE-2018-11092.json index 5fdd1ea4a59..b236eac5ed0 100644 --- a/2018/11xxx/CVE-2018-11092.json +++ b/2018/11xxx/CVE-2018-11092.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44624", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44624/" - }, - { - "name" : "https://community.mybb.com/mods.php?action=changelog&pid=1106", - "refsource" : "CONFIRM", - "url" : "https://community.mybb.com/mods.php?action=changelog&pid=1106" - }, - { - "name" : "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split", - "refsource" : "CONFIRM", - "url" : "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.mybb.com/mods.php?action=changelog&pid=1106", + "refsource": "CONFIRM", + "url": "https://community.mybb.com/mods.php?action=changelog&pid=1106" + }, + { + "name": "44624", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44624/" + }, + { + "name": "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split", + "refsource": "CONFIRM", + "url": "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11317.json b/2018/11xxx/CVE-2018-11317.json index 3c9488c3843..7990dafe51e 100644 --- a/2018/11xxx/CVE-2018-11317.json +++ b/2018/11xxx/CVE-2018-11317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11844.json b/2018/11xxx/CVE-2018-11844.json index 0c255265e42..abb17a78eae 100644 --- a/2018/11xxx/CVE-2018-11844.json +++ b/2018/11xxx/CVE-2018-11844.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14196.json b/2018/14xxx/CVE-2018-14196.json index 6d3486569aa..e84bc7cc67f 100644 --- a/2018/14xxx/CVE-2018-14196.json +++ b/2018/14xxx/CVE-2018-14196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14196", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14350.json b/2018/14xxx/CVE-2018-14350.json index 06ef9ccf41a..583f0b5d58d 100644 --- a/2018/14xxx/CVE-2018-14350.json +++ b/2018/14xxx/CVE-2018-14350.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" - }, - { - "name" : "http://www.mutt.org/news.html", - "refsource" : "MISC", - "url" : "http://www.mutt.org/news.html" - }, - { - "name" : "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", - "refsource" : "MISC", - "url" : "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" - }, - { - "name" : "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", - "refsource" : "MISC", - "url" : "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" - }, - { - "name" : "https://neomutt.org/2018/07/16/release", - "refsource" : "MISC", - "url" : "https://neomutt.org/2018/07/16/release" - }, - { - "name" : "DSA-4277", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4277" - }, - { - "name" : "GLSA-201810-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-07" - }, - { - "name" : "USN-3719-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3719-1/" - }, - { - "name" : "USN-3719-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3719-2/" - }, - { - "name" : "USN-3719-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3719-3/" - }, - { - "name" : "104931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104931" + }, + { + "name": "USN-3719-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3719-3/" + }, + { + "name": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", + "refsource": "MISC", + "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" + }, + { + "name": "DSA-4277", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4277" + }, + { + "name": "USN-3719-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3719-2/" + }, + { + "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" + }, + { + "name": "GLSA-201810-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-07" + }, + { + "name": "http://www.mutt.org/news.html", + "refsource": "MISC", + "url": "http://www.mutt.org/news.html" + }, + { + "name": "https://neomutt.org/2018/07/16/release", + "refsource": "MISC", + "url": "https://neomutt.org/2018/07/16/release" + }, + { + "name": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", + "refsource": "MISC", + "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" + }, + { + "name": "USN-3719-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3719-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14532.json b/2018/14xxx/CVE-2018-14532.json index 63c08712b7c..971d3fbb5d5 100644 --- a/2018/14xxx/CVE-2018-14532.json +++ b/2018/14xxx/CVE-2018-14532.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/294", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/294", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/294" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14644.json b/2018/14xxx/CVE-2018-14644.json index df76e70ab83..e74c3af6f8f 100644 --- a/2018/14xxx/CVE-2018-14644.json +++ b/2018/14xxx/CVE-2018-14644.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-14644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pdns", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.9" - }, - { - "version_value" : "4.1.5" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pdns", + "version": { + "version_data": [ + { + "version_value": "4.0.9" + }, + { + "version_value": "4.1.5" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644" - }, - { - "name" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html", - "refsource" : "CONFIRM", - "url" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html", + "refsource": "CONFIRM", + "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14867.json b/2018/14xxx/CVE-2018-14867.json index 45c0879c258..3d05222402e 100644 --- a/2018/14xxx/CVE-2018-14867.json +++ b/2018/14xxx/CVE-2018-14867.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14867", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14867", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15102.json b/2018/15xxx/CVE-2018-15102.json index fe546c92707..31769d83673 100644 --- a/2018/15xxx/CVE-2018-15102.json +++ b/2018/15xxx/CVE-2018-15102.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15102", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15102", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15125.json b/2018/15xxx/CVE-2018-15125.json index 3cef17959bc..3a9bec83430 100644 --- a/2018/15xxx/CVE-2018-15125.json +++ b/2018/15xxx/CVE-2018-15125.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-08-08T00:00:00", - "ID" : "CVE-2018-15125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zipato Zipabox Smart Home Controller", - "version" : { - "version_data" : [ - { - "version_value" : "BOARD REV - 1" - }, - { - "version_value" : "SYSTEM Version -118" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sensitive Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-08-08T00:00:00", + "ID": "CVE-2018-15125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zipato Zipabox Smart Home Controller", + "version": { + "version_data": [ + { + "version_value": "BOARD REV - 1" + }, + { + "version_value": "SYSTEM Version -118" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15644.json b/2018/15xxx/CVE-2018-15644.json index aa56b2f9c1d..914e77b9bd9 100644 --- a/2018/15xxx/CVE-2018-15644.json +++ b/2018/15xxx/CVE-2018-15644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20233.json b/2018/20xxx/CVE-2018-20233.json index 8d55990d846..623b7225f0f 100644 --- a/2018/20xxx/CVE-2018-20233.json +++ b/2018/20xxx/CVE-2018-20233.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2019-01-17T00:00:00", - "ID" : "CVE-2018-20233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Universal Plugin Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "2.22.14" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of XML External Entity Reference ('XXE')" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-01-17T00:00:00", + "ID": "CVE-2018-20233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Universal Plugin Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.22.14" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ecosystem.atlassian.net/browse/UPM-5964", - "refsource" : "CONFIRM", - "url" : "https://ecosystem.atlassian.net/browse/UPM-5964" - }, - { - "name" : "106661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference ('XXE')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106661" + }, + { + "name": "https://ecosystem.atlassian.net/browse/UPM-5964", + "refsource": "CONFIRM", + "url": "https://ecosystem.atlassian.net/browse/UPM-5964" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8112.json b/2018/8xxx/CVE-2018-8112.json index a29e06bc48c..5689f31a043 100644 --- a/2018/8xxx/CVE-2018-8112.json +++ b/2018/8xxx/CVE-2018-8112.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112" - }, - { - "name" : "103963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103963" - }, - { - "name" : "1040844", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112" + }, + { + "name": "103963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103963" + }, + { + "name": "1040844", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040844" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8163.json b/2018/8xxx/CVE-2018-8163.json index a36f87e3f83..160513a0f04 100644 --- a/2018/8xxx/CVE-2018-8163.json +++ b/2018/8xxx/CVE-2018-8163.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2018-8163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Excel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163" - }, - { - "name" : "104059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104059" - }, - { - "name" : "1040857", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Excel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040857", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040857" + }, + { + "name": "104059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104059" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8871.json b/2018/8xxx/CVE-2018-8871.json index 2c44644ded1..426bd07e061 100644 --- a/2018/8xxx/CVE-2018-8871.json +++ b/2018/8xxx/CVE-2018-8871.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-17T00:00:00", - "ID" : "CVE-2018-8871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Automation TPEditor", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1.89 or prior" - } - ] - } - } - ] - }, - "vendor_name" : "Delta Electronics" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HEAP-BASED BUFFER OVERFLOW CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-17T00:00:00", + "ID": "CVE-2018-8871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automation TPEditor", + "version": { + "version_data": [ + { + "version_value": "Version 1.89 or prior" + } + ] + } + } + ] + }, + "vendor_name": "Delta Electronics" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04" - }, - { - "name" : "104216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104216" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04" + } + ] + } +} \ No newline at end of file