From a56dc48ce3792cffea13dfcdcd80481993d77306 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:27:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0306.json | 130 ++++++------- 2002/0xxx/CVE-2002-0471.json | 140 +++++++------- 2002/2xxx/CVE-2002-2038.json | 130 ++++++------- 2002/2xxx/CVE-2002-2233.json | 140 +++++++------- 2005/0xxx/CVE-2005-0209.json | 180 ++++++++--------- 2005/1xxx/CVE-2005-1101.json | 170 ++++++++--------- 2005/1xxx/CVE-2005-1388.json | 140 +++++++------- 2005/1xxx/CVE-2005-1555.json | 140 +++++++------- 2005/1xxx/CVE-2005-1586.json | 150 +++++++-------- 2005/1xxx/CVE-2005-1782.json | 230 +++++++++++----------- 2005/1xxx/CVE-2005-1927.json | 34 ++-- 2009/0xxx/CVE-2009-0441.json | 150 +++++++-------- 2009/0xxx/CVE-2009-0567.json | 34 ++-- 2009/1xxx/CVE-2009-1213.json | 210 ++++++++++---------- 2009/1xxx/CVE-2009-1556.json | 150 +++++++-------- 2009/1xxx/CVE-2009-1581.json | 340 ++++++++++++++++----------------- 2009/1xxx/CVE-2009-1804.json | 140 +++++++------- 2009/1xxx/CVE-2009-1821.json | 140 +++++++------- 2009/1xxx/CVE-2009-1879.json | 170 ++++++++--------- 2012/2xxx/CVE-2012-2109.json | 170 ++++++++--------- 2012/2xxx/CVE-2012-2405.json | 140 +++++++------- 2012/2xxx/CVE-2012-2411.json | 160 ++++++++-------- 2012/3xxx/CVE-2012-3000.json | 190 +++++++++--------- 2012/3xxx/CVE-2012-3028.json | 140 +++++++------- 2012/3xxx/CVE-2012-3303.json | 34 ++-- 2012/3xxx/CVE-2012-3808.json | 34 ++-- 2012/3xxx/CVE-2012-3820.json | 160 ++++++++-------- 2012/3xxx/CVE-2012-3829.json | 120 ++++++------ 2012/4xxx/CVE-2012-4395.json | 140 +++++++------- 2012/4xxx/CVE-2012-4597.json | 140 +++++++------- 2012/4xxx/CVE-2012-4600.json | 150 +++++++-------- 2012/4xxx/CVE-2012-4653.json | 34 ++-- 2012/6xxx/CVE-2012-6081.json | 240 +++++++++++------------ 2012/6xxx/CVE-2012-6104.json | 140 +++++++------- 2012/6xxx/CVE-2012-6636.json | 180 ++++++++--------- 2015/5xxx/CVE-2015-5879.json | 170 ++++++++--------- 2017/2xxx/CVE-2017-2138.json | 150 +++++++-------- 2017/2xxx/CVE-2017-2288.json | 120 ++++++------ 2017/2xxx/CVE-2017-2372.json | 160 ++++++++-------- 2017/2xxx/CVE-2017-2598.json | 176 ++++++++--------- 2017/2xxx/CVE-2017-2927.json | 160 ++++++++-------- 2017/6xxx/CVE-2017-6818.json | 170 ++++++++--------- 2017/6xxx/CVE-2017-6825.json | 34 ++-- 2018/11xxx/CVE-2018-11137.json | 120 ++++++------ 2018/11xxx/CVE-2018-11364.json | 120 ++++++------ 2018/11xxx/CVE-2018-11900.json | 34 ++-- 2018/14xxx/CVE-2018-14011.json | 34 ++-- 2018/14xxx/CVE-2018-14368.json | 170 ++++++++--------- 2018/14xxx/CVE-2018-14443.json | 130 ++++++------- 2018/14xxx/CVE-2018-14474.json | 120 ++++++------ 2018/14xxx/CVE-2018-14580.json | 34 ++-- 2018/15xxx/CVE-2018-15017.json | 34 ++-- 2018/15xxx/CVE-2018-15062.json | 34 ++-- 2018/15xxx/CVE-2018-15221.json | 34 ++-- 2018/15xxx/CVE-2018-15301.json | 34 ++-- 2018/15xxx/CVE-2018-15729.json | 34 ++-- 2018/20xxx/CVE-2018-20274.json | 34 ++-- 2018/8xxx/CVE-2018-8211.json | 208 ++++++++++---------- 2018/8xxx/CVE-2018-8713.json | 34 ++-- 59 files changed, 3719 insertions(+), 3719 deletions(-) diff --git a/2002/0xxx/CVE-2002-0306.json b/2002/0xxx/CVE-2002-0306.json index 5745b1ce000..77188f9735c 100644 --- a/2002/0xxx/CVE-2002-0306.json +++ b/2002/0xxx/CVE-2002-0306.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020221 \"Cthulhu xhAze\" - Command execution in Ans.pl", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101430868616112&w=2" - }, - { - "name" : "4149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4149" + }, + { + "name": "20020221 \"Cthulhu xhAze\" - Command execution in Ans.pl", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101430868616112&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0471.json b/2002/0xxx/CVE-2002-0471.json index dc43f8da111..78f59d31e4b 100644 --- a/2002/0xxx/CVE-2002-0471.json +++ b/2002/0xxx/CVE-2002-0471.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020318 PHP Net Toolpack: input validation error", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2002/Mar/0263.html" - }, - { - "name" : "4303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4303" - }, - { - "name" : "phpnettoolpack-traceroute-command-execution(8482)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8482.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020318 PHP Net Toolpack: input validation error", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2002/Mar/0263.html" + }, + { + "name": "phpnettoolpack-traceroute-command-execution(8482)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8482.php" + }, + { + "name": "4303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4303" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2038.json b/2002/2xxx/CVE-2002-2038.json index 40a9a8b8a09..8b0dae6a918 100644 --- a/2002/2xxx/CVE-2002-2038.json +++ b/2002/2xxx/CVE-2002-2038.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4913" - }, - { - "name" : "ngpt-shared-memory-dos(9255)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9255.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ngpt-shared-memory-dos(9255)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9255.php" + }, + { + "name": "4913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4913" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2233.json b/2002/2xxx/CVE-2002-2233.json index 05e33076830..2490cba0990 100644 --- a/2002/2xxx/CVE-2002-2233.json +++ b/2002/2xxx/CVE-2002-2233.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via \"@\" (at) characters in a CD (CWD) command, such as (1) \"@/....\\\", (2) \"@@@/..c:\\\", or (3) \"@/..@/..\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021219 Multiple vulnerability in Enceladus Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0193.html" - }, - { - "name" : "enceladus-cd-dos(11020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11020" - }, - { - "name" : "enceladus-cd-directory-traversal(11019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via \"@\" (at) characters in a CD (CWD) command, such as (1) \"@/....\\\", (2) \"@@@/..c:\\\", or (3) \"@/..@/..\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "enceladus-cd-directory-traversal(11019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11019" + }, + { + "name": "enceladus-cd-dos(11020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11020" + }, + { + "name": "20021219 Multiple vulnerability in Enceladus Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0193.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0209.json b/2005/0xxx/CVE-2005-0209.json index f3f7320eede..db95516939c 100644 --- a/2005/0xxx/CVE-2005-0209.json +++ b/2005/0xxx/CVE-2005-0209.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050315 [USN-95-1] Linux kernel vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111091402626556&w=2" - }, - { - "name" : "CLA-2005:945", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945" - }, - { - "name" : "RHSA-2005:366", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" - }, - { - "name" : "RHSA-2005:420", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-420.html" - }, - { - "name" : "SUSE-SA:2005:018", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_18_kernel.html" - }, - { - "name" : "12598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12598" - }, - { - "name" : "oval:org.mitre.oval:def:11855", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050315 [USN-95-1] Linux kernel vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111091402626556&w=2" + }, + { + "name": "RHSA-2005:366", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html" + }, + { + "name": "SUSE-SA:2005:018", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_18_kernel.html" + }, + { + "name": "oval:org.mitre.oval:def:11855", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11855" + }, + { + "name": "12598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12598" + }, + { + "name": "RHSA-2005:420", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-420.html" + }, + { + "name": "CLA-2005:945", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1101.json b/2005/1xxx/CVE-2005-1101.json index 62238583bce..64dfefe7bf5 100644 --- a/2005/1xxx/CVE-2005-1101.json +++ b/2005/1xxx/CVE-2005-1101.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050412 Remote Buffer Overflow in Lotus Domino", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111335285121320&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/lotus-01.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/lotus-01.txt" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431" - }, - { - "name" : "15364", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15364" - }, - { - "name" : "14879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14879/" - }, - { - "name" : "lotus-timedate-bo(20042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ngssoftware.com/advisories/lotus-01.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/lotus-01.txt" + }, + { + "name": "15364", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15364" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431" + }, + { + "name": "14879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14879/" + }, + { + "name": "lotus-timedate-bo(20042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20042" + }, + { + "name": "20050412 Remote Buffer Overflow in Lotus Domino", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111335285121320&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1388.json b/2005/1xxx/CVE-2005-1388.json index 058041815fc..1a09521338d 100644 --- a/2005/1xxx/CVE-2005-1388.json +++ b/2005/1xxx/CVE-2005-1388.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog", - "refsource" : "CONFIRM", - "url" : "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog" - }, - { - "name" : "15905", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15905" - }, - { - "name" : "13415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13415" + }, + { + "name": "15905", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15905" + }, + { + "name": "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog", + "refsource": "CONFIRM", + "url": "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1555.json b/2005/1xxx/CVE-2005-1555.json index f2fb13c703e..cc3f3eae81a 100644 --- a/2005/1xxx/CVE-2005-1555.json +++ b/2005/1xxx/CVE-2005-1555.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html" - }, - { - "name" : "20050510 New Macromedia Security Zone Bulletin Posted", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111575500403231&w=2" - }, - { - "name" : "coldfusion-mx7-default-page-xss(20550)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050510 New Macromedia Security Zone Bulletin Posted", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111575500403231&w=2" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html" + }, + { + "name": "coldfusion-mx7-default-page-xss(20550)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20550" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1586.json b/2005/1xxx/CVE-2005-1586.json index 48b6bcd30ac..4e7d6aee0a1 100644 --- a/2005/1xxx/CVE-2005-1586.json +++ b/2005/1xxx/CVE-2005-1586.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html" - }, - { - "name" : "16328", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16328" - }, - { - "name" : "16329", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16329" - }, - { - "name" : "15200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html" + }, + { + "name": "15200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15200" + }, + { + "name": "16328", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16328" + }, + { + "name": "16329", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16329" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1782.json b/2005/1xxx/CVE-2005-1782.json index 3e308cf78b6..33810a70a79 100644 --- a/2005/1xxx/CVE-2005-1782.json +++ b/2005/1xxx/CVE-2005-1782.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html" - }, - { - "name" : "13783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13783" - }, - { - "name" : "16871", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16871" - }, - { - "name" : "16872", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16872" - }, - { - "name" : "16873", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16873" - }, - { - "name" : "16874", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16874" - }, - { - "name" : "16875", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16875" - }, - { - "name" : "16876", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16876" - }, - { - "name" : "16877", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16877" - }, - { - "name" : "16878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16878" - }, - { - "name" : "16879", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16879" - }, - { - "name" : "1014058", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13783" + }, + { + "name": "1014058", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014058" + }, + { + "name": "16873", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16873" + }, + { + "name": "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html" + }, + { + "name": "16876", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16876" + }, + { + "name": "16874", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16874" + }, + { + "name": "16878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16878" + }, + { + "name": "16879", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16879" + }, + { + "name": "16871", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16871" + }, + { + "name": "16872", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16872" + }, + { + "name": "16875", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16875" + }, + { + "name": "16877", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16877" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1927.json b/2005/1xxx/CVE-2005-1927.json index b150c37e5ea..14a560fdbef 100644 --- a/2005/1xxx/CVE-2005-1927.json +++ b/2005/1xxx/CVE-2005-1927.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1927", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1927", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0441.json b/2009/0xxx/CVE-2009-0441.json index 26a758124e0..14b8660b3f9 100644 --- a/2009/0xxx/CVE-2009-0441.json +++ b/2009/0xxx/CVE-2009-0441.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7965", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7965" - }, - { - "name" : "33592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33592" - }, - { - "name" : "51740", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51740" - }, - { - "name" : "33732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33592" + }, + { + "name": "33732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33732" + }, + { + "name": "7965", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7965" + }, + { + "name": "51740", + "refsource": "OSVDB", + "url": "http://osvdb.org/51740" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0567.json b/2009/0xxx/CVE-2009-0567.json index 2aa78f1644f..b685004e895 100644 --- a/2009/0xxx/CVE-2009-0567.json +++ b/2009/0xxx/CVE-2009-0567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0567", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-0567", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1213.json b/2009/1xxx/CVE-2009-1213.json index cd922583d53..a3fd7869337 100644 --- a/2009/1xxx/CVE-2009-1213.json +++ b/2009/1xxx/CVE-2009-1213.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.2.2/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.2/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=476603", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=476603" - }, - { - "name" : "FEDORA-2009-3405", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00188.html" - }, - { - "name" : "FEDORA-2009-3410", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html" - }, - { - "name" : "34308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34308" - }, - { - "name" : "34545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34545" - }, - { - "name" : "34547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34547" - }, - { - "name" : "34624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34624" - }, - { - "name" : "ADV-2009-0887", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0887" - }, - { - "name" : "bugzilla-attachment-csrf(49524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-3405", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00188.html" + }, + { + "name": "ADV-2009-0887", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0887" + }, + { + "name": "bugzilla-attachment-csrf(49524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49524" + }, + { + "name": "http://www.bugzilla.org/security/3.2.2/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.2/" + }, + { + "name": "34545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34545" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=476603", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=476603" + }, + { + "name": "34308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34308" + }, + { + "name": "34547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34547" + }, + { + "name": "FEDORA-2009-3410", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html" + }, + { + "name": "34624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34624" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1556.json b/2009/1xxx/CVE-2009-1556.json index de730b1d110..061af61d251 100644 --- a/2009/1xxx/CVE-2009-1556.json +++ b/2009/1xxx/CVE-2009-1556.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/" - }, - { - "name" : "34629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34629" - }, - { - "name" : "34767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34767" - }, - { - "name" : "ADV-2009-1173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/" + }, + { + "name": "ADV-2009-1173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1173" + }, + { + "name": "34767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34767" + }, + { + "name": "34629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34629" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1581.json b/2009/1xxx/CVE-2009-1581.json index 3733ab89996..318da31be02 100644 --- a/2009/1xxx/CVE-2009-1581.json +++ b/2009/1xxx/CVE-2009-1581.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667" - }, - { - "name" : "http://www.squirrelmail.org/security/issue/2009-05-12", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2009-05-12" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500356", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500356" - }, - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "DSA-1802", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1802" - }, - { - "name" : "FEDORA-2009-4870", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" - }, - { - "name" : "FEDORA-2009-4880", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" - }, - { - "name" : "FEDORA-2009-4875", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" - }, - { - "name" : "MDVSA-2009:110", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" - }, - { - "name" : "RHSA-2009:1066", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1066.html" - }, - { - "name" : "34916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34916" - }, - { - "name" : "oval:org.mitre.oval:def:10441", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441" - }, - { - "name" : "35052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35052" - }, - { - "name" : "35073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35073" - }, - { - "name" : "35140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35140" - }, - { - "name" : "35259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35259" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2009-1296", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1296" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - }, - { - "name" : "squirrelmail-css-xss(50463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500356", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356" + }, + { + "name": "MDVSA-2009:110", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" + }, + { + "name": "34916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34916" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "oval:org.mitre.oval:def:10441", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441" + }, + { + "name": "FEDORA-2009-4870", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" + }, + { + "name": "35140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35140" + }, + { + "name": "FEDORA-2009-4880", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2009-05-12", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2009-05-12" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "squirrelmail-css-xss(50463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + }, + { + "name": "ADV-2009-1296", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1296" + }, + { + "name": "35259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35259" + }, + { + "name": "35052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35052" + }, + { + "name": "FEDORA-2009-4875", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" + }, + { + "name": "RHSA-2009:1066", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html" + }, + { + "name": "35073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35073" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667" + }, + { + "name": "DSA-1802", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1802" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1804.json b/2009/1xxx/CVE-2009-1804.json index 2457e828477..c49cc74bf89 100644 --- a/2009/1xxx/CVE-2009-1804.json +++ b/2009/1xxx/CVE-2009-1804.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8635", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8635" - }, - { - "name" : "34868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34868" - }, - { - "name" : "videoscript-index-sql-injection(50373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34868" + }, + { + "name": "8635", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8635" + }, + { + "name": "videoscript-index-sql-injection(50373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50373" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1821.json b/2009/1xxx/CVE-2009-1821.json index f295c5f10c0..7f4029241f1 100644 --- a/2009/1xxx/CVE-2009-1821.json +++ b/2009/1xxx/CVE-2009-1821.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8705", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8705" - }, - { - "name" : "ADV-2009-1347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1347" - }, - { - "name" : "registrationmgr-webblogmgr-info-disclosure(50915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1347" + }, + { + "name": "8705", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8705" + }, + { + "name": "registrationmgr-webblogmgr-info-disclosure(50915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50915" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1879.json b/2009/1xxx/CVE-2009-1879.json index ba447613b74..071224e6ae7 100644 --- a/2009/1xxx/CVE-2009-1879.json +++ b/2009/1xxx/CVE-2009-1879.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090819 Adobe Flex 3.3 SDK DOM-Based XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505948/100/0/threaded" - }, - { - "name" : "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/", - "refsource" : "MISC", - "url" : "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html" - }, - { - "name" : "1022748", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022748" - }, - { - "name" : "36374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36374" - }, - { - "name" : "flex-indextemplate-xss(52608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022748", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022748" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" + }, + { + "name": "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/", + "refsource": "MISC", + "url": "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/" + }, + { + "name": "20090819 Adobe Flex 3.3 SDK DOM-Based XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505948/100/0/threaded" + }, + { + "name": "36374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36374" + }, + { + "name": "flex-indextemplate-xss(52608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52608" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2109.json b/2012/2xxx/CVE-2012-2109.json index 2ad5f178ed3..5227c1b3f1e 100644 --- a/2012/2xxx/CVE-2012-2109.json +++ b/2012/2xxx/CVE-2012-2109.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120331 SQL injection in Wordpress plugin Buddypress", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2012/Apr/4" - }, - { - "name" : "18690", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18690" - }, - { - "name" : "[oss-security] 20120415 CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/15/2" - }, - { - "name" : "[oss-security] 20120416 Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/16/10" - }, - { - "name" : "http://buddypress.org/2012/03/buddypress-1-5-5/", - "refsource" : "CONFIRM", - "url" : "http://buddypress.org/2012/03/buddypress-1-5-5/" - }, - { - "name" : "80763", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://buddypress.org/2012/03/buddypress-1-5-5/", + "refsource": "CONFIRM", + "url": "http://buddypress.org/2012/03/buddypress-1-5-5/" + }, + { + "name": "18690", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18690" + }, + { + "name": "80763", + "refsource": "OSVDB", + "url": "http://osvdb.org/80763" + }, + { + "name": "[oss-security] 20120416 Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/16/10" + }, + { + "name": "[oss-security] 20120415 CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/15/2" + }, + { + "name": "20120331 SQL injection in Wordpress plugin Buddypress", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2012/Apr/4" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2405.json b/2012/2xxx/CVE-2012-2405.json index a87fe39329a..36a614c40b6 100644 --- a/2012/2xxx/CVE-2012-2405.json +++ b/2012/2xxx/CVE-2012-2405.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=812045", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=812045" - }, - { - "name" : "gallery-encryption-unspecified(75201)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2" + }, + { + "name": "gallery-encryption-unspecified(75201)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75201" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=812045", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812045" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2411.json b/2012/2xxx/CVE-2012-2411.json index 308bfa0ccf2..a6e498efbdd 100644 --- a/2012/2xxx/CVE-2012-2411.json +++ b/2012/2xxx/CVE-2012-2411.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/05152012_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/05152012_player/en/" - }, - { - "name" : "81944", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81944" - }, - { - "name" : "1027076", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027076" - }, - { - "name" : "49193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49193" - }, - { - "name" : "realplayer-realjukebox-bo(75648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49193" + }, + { + "name": "1027076", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027076" + }, + { + "name": "http://service.real.com/realplayer/security/05152012_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/05152012_player/en/" + }, + { + "name": "realplayer-realjukebox-bo(75648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75648" + }, + { + "name": "81944", + "refsource": "OSVDB", + "url": "http://osvdb.org/81944" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3000.json b/2012/3xxx/CVE-2012-3000.json index 5e1f6a01463..1a1bf9b5f3b 100644 --- a/2012/3xxx/CVE-2012-3000.json +++ b/2012/3xxx/CVE-2012-3000.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-3000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130122 SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html" - }, - { - "name" : "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html" - }, - { - "name" : "57500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57500" - }, - { - "name" : "89446", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89446" - }, - { - "name" : "51867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51867" - }, - { - "name" : "f5bigip-sql-injection(81457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51867" + }, + { + "name": "89446", + "refsource": "OSVDB", + "url": "http://osvdb.org/89446" + }, + { + "name": "57500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57500" + }, + { + "name": "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html" + }, + { + "name": "f5bigip-sql-injection(81457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81457" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt" + }, + { + "name": "20130122 SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3028.json b/2012/3xxx/CVE-2012-3028.json index ca6ad1848af..7e9bfa6f1f3 100644 --- a/2012/3xxx/CVE-2012-3028.json +++ b/2012/3xxx/CVE-2012-3028.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-3028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.securitylab.ru/lab/PT-2012-42", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2012-42" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://en.securitylab.ru/lab/PT-2012-42", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2012-42" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3303.json b/2012/3xxx/CVE-2012-3303.json index 3aebd212e36..0ae6bb29c79 100644 --- a/2012/3xxx/CVE-2012-3303.json +++ b/2012/3xxx/CVE-2012-3303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3808.json b/2012/3xxx/CVE-2012-3808.json index 4a9b4da5b55..a7a7856dafc 100644 --- a/2012/3xxx/CVE-2012-3808.json +++ b/2012/3xxx/CVE-2012-3808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3808", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3808", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3820.json b/2012/3xxx/CVE-2012-3820.json index e0e0fe12ba2..48aa1cfb0bf 100644 --- a/2012/3xxx/CVE-2012-3820.json +++ b/2012/3xxx/CVE-2012-3820.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", - "refsource" : "MISC", - "url" : "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" - }, - { - "name" : "86491", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86491" - }, - { - "name" : "86492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86492" - }, - { - "name" : "50969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50969" - }, - { - "name" : "campaign-activate-useredit-sql-injection(79507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50969" + }, + { + "name": "86492", + "refsource": "OSVDB", + "url": "http://osvdb.org/86492" + }, + { + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "name": "campaign-activate-useredit-sql-injection(79507)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79507" + }, + { + "name": "86491", + "refsource": "OSVDB", + "url": "http://osvdb.org/86491" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3829.json b/2012/3xxx/CVE-2012-3829.json index e5f69494fa3..1c7a14c4c1c 100644 --- a/2012/3xxx/CVE-2012-3829.json +++ b/2012/3xxx/CVE-2012-3829.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4395.json b/2012/4xxx/CVE-2012-4395.json index 0903a6aac7a..9a4d0fa159f 100644 --- a/2012/4xxx/CVE-2012-4395.json +++ b/2012/4xxx/CVE-2012-4395.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/11/1" - }, - { - "name" : "[oss-security] 20120901 Re: CVE - ownCloud", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2" - }, - { - "name" : "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/11/1" + }, + { + "name": "[oss-security] 20120901 Re: CVE - ownCloud", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/2" + }, + { + "name": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4597.json b/2012/4xxx/CVE-2012-4597.json index 0294999e4d0..372463618b9 100644 --- a/2012/4xxx/CVE-2012-4597.json +++ b/2012/4xxx/CVE-2012-4597.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10026", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10026" - }, - { - "name" : "1027444", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027444" - }, - { - "name" : "mcafee-ews-xss(77979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027444", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027444" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10026", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10026" + }, + { + "name": "mcafee-ews-xss(77979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77979" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4600.json b/2012/4xxx/CVE-2012-4600.json index ac02eab043d..904c81f2613 100644 --- a/2012/4xxx/CVE-2012-4600.json +++ b/2012/4xxx/CVE-2012-4600.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://znuny.com/en/#!/advisory/ZSA-2012-02", - "refsource" : "MISC", - "url" : "http://znuny.com/en/#!/advisory/ZSA-2012-02" - }, - { - "name" : "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/", - "refsource" : "CONFIRM", - "url" : "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/" - }, - { - "name" : "VU#511404", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/511404" - }, - { - "name" : "50615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://znuny.com/en/#!/advisory/ZSA-2012-02", + "refsource": "MISC", + "url": "http://znuny.com/en/#!/advisory/ZSA-2012-02" + }, + { + "name": "50615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50615" + }, + { + "name": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/", + "refsource": "CONFIRM", + "url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/" + }, + { + "name": "VU#511404", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/511404" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4653.json b/2012/4xxx/CVE-2012-4653.json index 9816812e18f..1f42d8f1696 100644 --- a/2012/4xxx/CVE-2012-4653.json +++ b/2012/4xxx/CVE-2012-4653.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4653", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4653", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6081.json b/2012/6xxx/CVE-2012-6081.json index 2a826fb76df..90e469ee387 100644 --- a/2012/6xxx/CVE-2012-6081.json +++ b/2012/6xxx/CVE-2012-6081.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25304", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/25304" - }, - { - "name" : "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/29/6" - }, - { - "name" : "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/30/4" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" - }, - { - "name" : "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" - }, - { - "name" : "http://moinmo.in/MoinMoinRelease1.9", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/MoinMoinRelease1.9" - }, - { - "name" : "http://moinmo.in/SecurityFixes", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/SecurityFixes" - }, - { - "name" : "DSA-2593", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2593" - }, - { - "name" : "USN-1680-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1680-1" - }, - { - "name" : "57082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57082" - }, - { - "name" : "51663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51663" - }, - { - "name" : "51676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51676" - }, - { - "name" : "51696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moinmo.in/MoinMoinRelease1.9", + "refsource": "CONFIRM", + "url": "http://moinmo.in/MoinMoinRelease1.9" + }, + { + "name": "http://moinmo.in/SecurityFixes", + "refsource": "CONFIRM", + "url": "http://moinmo.in/SecurityFixes" + }, + { + "name": "51663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51663" + }, + { + "name": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" + }, + { + "name": "DSA-2593", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2593" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" + }, + { + "name": "57082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57082" + }, + { + "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" + }, + { + "name": "51676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51676" + }, + { + "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" + }, + { + "name": "51696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51696" + }, + { + "name": "25304", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/25304" + }, + { + "name": "USN-1680-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1680-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6104.json b/2012/6xxx/CVE-2012-6104.json index 2fb3f439666..1e1a3a67bee 100644 --- a/2012/6xxx/CVE-2012-6104.json +++ b/2012/6xxx/CVE-2012-6104.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130121 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/01/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=220165", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=220165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620" + }, + { + "name": "[oss-security] 20130121 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/01/21/1" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=220165", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=220165" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6636.json b/2012/6xxx/CVE-2012-6636.json index 4eb095f978c..8b6b9beca09 100644 --- a/2012/6xxx/CVE-2012-6636.json +++ b/2012/6xxx/CVE-2012-6636.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/07/9" - }, - { - "name" : "http://50.56.33.56/blog/?p=314", - "refsource" : "MISC", - "url" : "http://50.56.33.56/blog/?p=314" - }, - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" - }, - { - "name" : "http://www.internetsociety.org/ndss2014/programme#session3", - "refsource" : "MISC", - "url" : "http://www.internetsociety.org/ndss2014/programme#session3" - }, - { - "name" : "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1", - "refsource" : "CONFIRM", - "url" : "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1" - }, - { - "name" : "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29", - "refsource" : "CONFIRM", - "url" : "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/len_6421", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/len_6421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" + }, + { + "name": "http://www.internetsociety.org/ndss2014/programme#session3", + "refsource": "MISC", + "url": "http://www.internetsociety.org/ndss2014/programme#session3" + }, + { + "name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/07/9" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/len_6421", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/len_6421" + }, + { + "name": "http://50.56.33.56/blog/?p=314", + "refsource": "MISC", + "url": "http://50.56.33.56/blog/?p=314" + }, + { + "name": "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1", + "refsource": "CONFIRM", + "url": "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1" + }, + { + "name": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29", + "refsource": "CONFIRM", + "url": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5879.json b/2015/5xxx/CVE-2015-5879.json index 8bc9a607383..6495f08c5bc 100644 --- a/2015/5xxx/CVE-2015-5879.json +++ b/2015/5xxx/CVE-2015-5879.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2138.json b/2017/2xxx/CVE-2017-2138.json index 19cdfae4ec7..e4065e509a6 100644 --- a/2017/2xxx/CVE-2017-2138.json +++ b/2017/2xxx/CVE-2017-2138.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CS-Cart Japanese Edition", - "version" : { - "version_data" : [ - { - "version_value" : "v4.3.10 and earlier (excluding v2 and v3)" - } - ] - } - }, - { - "product_name" : "CS-Cart Multivendor Japanese Edition", - "version" : { - "version_data" : [ - { - "version_value" : "v4.3.10 and earlier (excluding v2 and v3)" - } - ] - } - } - ] - }, - "vendor_name" : "Frogman Office Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CS-Cart Japanese Edition", + "version": { + "version_data": [ + { + "version_value": "v4.3.10 and earlier (excluding v2 and v3)" + } + ] + } + }, + { + "product_name": "CS-Cart Multivendor Japanese Edition", + "version": { + "version_data": [ + { + "version_value": "v4.3.10 and earlier (excluding v2 and v3)" + } + ] + } + } + ] + }, + "vendor_name": "Frogman Office Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tips.cs-cart.jp/fix-csrf-20170406.html", - "refsource" : "MISC", - "url" : "http://tips.cs-cart.jp/fix-csrf-20170406.html" - }, - { - "name" : "JVN#87770873", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN87770873/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#87770873", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN87770873/index.html" + }, + { + "name": "http://tips.cs-cart.jp/fix-csrf-20170406.html", + "refsource": "MISC", + "url": "http://tips.cs-cart.jp/fix-csrf-20170406.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2288.json b/2017/2xxx/CVE-2017-2288.json index 9f13baa8773..4c67adeaaf1 100644 --- a/2017/2xxx/CVE-2017-2288.json +++ b/2017/2xxx/CVE-2017-2288.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LhaForge", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.1.6.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Claybird" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LhaForge", + "version": { + "version_data": [ + { + "version_value": "Ver.1.6.5 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Claybird" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#74554973", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN74554973/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#74554973", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN74554973/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2372.json b/2017/2xxx/CVE-2017-2372.json index bd23ba9d293..1c1b0dadef2 100644 --- a/2017/2xxx/CVE-2017-2372.json +++ b/2017/2xxx/CVE-2017-2372.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0262/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0262/" - }, - { - "name" : "https://support.apple.com/HT207476", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207476" - }, - { - "name" : "https://support.apple.com/HT207477", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207477" - }, - { - "name" : "95627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95627" - }, - { - "name" : "1037627", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207476", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207476" + }, + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0262/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0262/" + }, + { + "name": "95627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95627" + }, + { + "name": "https://support.apple.com/HT207477", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207477" + }, + { + "name": "1037627", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037627" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2598.json b/2017/2xxx/CVE-2017-2598.json index 6b8a504a823..ef938777d0c 100644 --- a/2017/2xxx/CVE-2017-2598.json +++ b/2017/2xxx/CVE-2017-2598.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "jenkins 2.44" - }, - { - "version_value" : "jenkins 2.32.2" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304)." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-325" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jenkins", + "version": { + "version_data": [ + { + "version_value": "jenkins 2.44" + }, + { + "version_value": "jenkins 2.32.2" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b", - "refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b" - }, - { - "name" : "https://jenkins.io/security/advisory/2017-02-01/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-02-01/" - }, - { - "name" : "95948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304)." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-325" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-02-01/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-02-01/" + }, + { + "name": "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598" + }, + { + "name": "95948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95948" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2927.json b/2017/2xxx/CVE-2017-2927.json index 0e13768ff5a..27e5678984c 100644 --- a/2017/2xxx/CVE-2017-2927.json +++ b/2017/2xxx/CVE-2017-2927.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.186 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.186 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.186 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.186 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html" - }, - { - "name" : "95347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95347" - }, - { - "name" : "1037570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95347" + }, + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" + }, + { + "name": "RHSA-2017:0057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html" + }, + { + "name": "1037570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037570" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6818.json b/2017/6xxx/CVE-2017-6818.json index 140aa93197f..f8b16903481 100644 --- a/2017/6xxx/CVE-2017-6818.json +++ b/2017/6xxx/CVE-2017-6818.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codex.wordpress.org/Version_4.7.3", - "refsource" : "MISC", - "url" : "https://codex.wordpress.org/Version_4.7.3" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9", - "refsource" : "MISC", - "url" : "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9" - }, - { - "name" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8769", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8769" - }, - { - "name" : "96601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96601" - }, - { - "name" : "1037959", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037959", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037959" + }, + { + "name": "96601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96601" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8769", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8769" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9", + "refsource": "MISC", + "url": "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9" + }, + { + "name": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" + }, + { + "name": "https://codex.wordpress.org/Version_4.7.3", + "refsource": "MISC", + "url": "https://codex.wordpress.org/Version_4.7.3" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6825.json b/2017/6xxx/CVE-2017-6825.json index fed6de07f2d..b52dcf95ca5 100644 --- a/2017/6xxx/CVE-2017-6825.json +++ b/2017/6xxx/CVE-2017-6825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6825", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6825", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11137.json b/2018/11xxx/CVE-2018-11137.json index 5595c34a877..ad92374d221 100644 --- a/2018/11xxx/CVE-2018-11137.json +++ b/2018/11xxx/CVE-2018-11137.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11364.json b/2018/11xxx/CVE-2018-11364.json index bab562b7592..dca57d66d53 100644 --- a/2018/11xxx/CVE-2018-11364.json +++ b/2018/11xxx/CVE-2018-11364.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b", - "refsource" : "MISC", - "url" : "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b", + "refsource": "MISC", + "url": "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11900.json b/2018/11xxx/CVE-2018-11900.json index f1c86d1b44b..c397d3af049 100644 --- a/2018/11xxx/CVE-2018-11900.json +++ b/2018/11xxx/CVE-2018-11900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14011.json b/2018/14xxx/CVE-2018-14011.json index fc8aebb3e95..7053696182e 100644 --- a/2018/14xxx/CVE-2018-14011.json +++ b/2018/14xxx/CVE-2018-14011.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14368.json b/2018/14xxx/CVE-2018-14368.json index ccf742322ef..4e0db76edce 100644 --- a/2018/14xxx/CVE-2018-14368.json +++ b/2018/14xxx/CVE-2018-14368.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-40.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-40.html" - }, - { - "name" : "104847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104847" - }, - { - "name" : "1041608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-40.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-40.html" + }, + { + "name": "1041608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041608" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841" + }, + { + "name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" + }, + { + "name": "104847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104847" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14443.json b/2018/14xxx/CVE-2018-14443.json index 668b25f311c..a44d7e9089c 100644 --- a/2018/14xxx/CVE-2018-14443.json +++ b/2018/14xxx/CVE-2018-14443.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hac425.unaux.com/index.php/archives/53/", - "refsource" : "MISC", - "url" : "http://hac425.unaux.com/index.php/archives/53/" - }, - { - "name" : "https://github.com/ArchimedesCAD/libredwg/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/ArchimedesCAD/libredwg/issues/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hac425.unaux.com/index.php/archives/53/", + "refsource": "MISC", + "url": "http://hac425.unaux.com/index.php/archives/53/" + }, + { + "name": "https://github.com/ArchimedesCAD/libredwg/issues/6", + "refsource": "MISC", + "url": "https://github.com/ArchimedesCAD/libredwg/issues/6" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14474.json b/2018/14xxx/CVE-2018-14474.json index b0d2fe1f551..d1a361cbe7e 100644 --- a/2018/14xxx/CVE-2018-14474.json +++ b/2018/14xxx/CVE-2018-14474.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa", - "refsource" : "MISC", - "url" : "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa", + "refsource": "MISC", + "url": "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14580.json b/2018/14xxx/CVE-2018-14580.json index db51dd3aea7..2ec80af458c 100644 --- a/2018/14xxx/CVE-2018-14580.json +++ b/2018/14xxx/CVE-2018-14580.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14580", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14580", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15017.json b/2018/15xxx/CVE-2018-15017.json index 67547c64180..6cf9e225cdd 100644 --- a/2018/15xxx/CVE-2018-15017.json +++ b/2018/15xxx/CVE-2018-15017.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15017", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15017", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15062.json b/2018/15xxx/CVE-2018-15062.json index 40f3f258101..6e8a4bc693d 100644 --- a/2018/15xxx/CVE-2018-15062.json +++ b/2018/15xxx/CVE-2018-15062.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15062", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15062", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15221.json b/2018/15xxx/CVE-2018-15221.json index 6f4a73a7fa0..7543f7165a0 100644 --- a/2018/15xxx/CVE-2018-15221.json +++ b/2018/15xxx/CVE-2018-15221.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15221", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15221", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15301.json b/2018/15xxx/CVE-2018-15301.json index 78902659cb1..ee442ce4585 100644 --- a/2018/15xxx/CVE-2018-15301.json +++ b/2018/15xxx/CVE-2018-15301.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15301", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15301", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15729.json b/2018/15xxx/CVE-2018-15729.json index 5d0d3fd89d2..c8d1af541ea 100644 --- a/2018/15xxx/CVE-2018-15729.json +++ b/2018/15xxx/CVE-2018-15729.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15729", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15729", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20274.json b/2018/20xxx/CVE-2018-20274.json index 4c58c86c425..29586ec9adc 100644 --- a/2018/20xxx/CVE-2018-20274.json +++ b/2018/20xxx/CVE-2018-20274.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20274", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20274", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8211.json b/2018/8xxx/CVE-2018-8211.json index 83bc0d128d7..1659d3a6aa4 100644 --- a/2018/8xxx/CVE-2018-8211.json +++ b/2018/8xxx/CVE-2018-8211.json @@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211" - }, - { - "name" : "104326", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104326" - }, - { - "name" : "1041098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041098" + }, + { + "name": "104326", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104326" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8713.json b/2018/8xxx/CVE-2018-8713.json index fdc53191cbd..4551c32e38d 100644 --- a/2018/8xxx/CVE-2018-8713.json +++ b/2018/8xxx/CVE-2018-8713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file