diff --git a/2005/0xxx/CVE-2005-0124.json b/2005/0xxx/CVE-2005-0124.json index 5cfa0211121..5aeb499642e 100644 --- a/2005/0xxx/CVE-2005-0124.json +++ b/2005/0xxx/CVE-2005-0124.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel", - "refsource" : "MLIST", - "url" : "http://seclists.org/lists/linux-kernel/2004/Dec/3914.html" - }, - { - "name" : "[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel", - "refsource" : "MLIST", - "url" : "http://seclists.org/lists/linux-kernel/2005/Jan/1089.html" - }, - { - "name" : "[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel", - "refsource" : "MLIST", - "url" : "http://seclists.org/lists/linux-kernel/2005/Jan/2018.html" - }, - { - "name" : "[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel", - "refsource" : "MLIST", - "url" : "http://seclists.org/lists/linux-kernel/2005/Jan/2020.html" - }, - { - "name" : "DSA-1017", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1017" - }, - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "FLSA:157459-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/428028/100/0/threaded" - }, - { - "name" : "RHSA-2006:0191", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0191.html" - }, - { - "name" : "RHSA-2005:663", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html" - }, - { - "name" : "14967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14967" - }, - { - "name" : "oval:org.mitre.oval:def:11690", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11690" - }, - { - "name" : "ADV-2005-1878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1878" - }, - { - "name" : "1013018", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013018" - }, - { - "name" : "18684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18684" - }, - { - "name" : "19374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19374" - }, - { - "name" : "17002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17002" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "18684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18684" + }, + { + "name": "[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel", + "refsource": "MLIST", + "url": "http://seclists.org/lists/linux-kernel/2005/Jan/1089.html" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel", + "refsource": "MLIST", + "url": "http://seclists.org/lists/linux-kernel/2004/Dec/3914.html" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "14967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14967" + }, + { + "name": "1013018", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013018" + }, + { + "name": "FLSA:157459-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/428028/100/0/threaded" + }, + { + "name": "[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel", + "refsource": "MLIST", + "url": "http://seclists.org/lists/linux-kernel/2005/Jan/2018.html" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "17002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17002" + }, + { + "name": "[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel", + "refsource": "MLIST", + "url": "http://seclists.org/lists/linux-kernel/2005/Jan/2020.html" + }, + { + "name": "RHSA-2005:663", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html" + }, + { + "name": "DSA-1017", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1017" + }, + { + "name": "ADV-2005-1878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1878" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "oval:org.mitre.oval:def:11690", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11690" + }, + { + "name": "19374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19374" + }, + { + "name": "RHSA-2006:0191", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0191.html" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0583.json b/2005/0xxx/CVE-2005-0583.json index 2af9873bef0..a62b3de291e 100644 --- a/2005/0xxx/CVE-2005-0583.json +++ b/2005/0xxx/CVE-2005-0583.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050302 Computer Associates License Client PUTOLF Directory Traversal", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=212&type=vulnerabilities" - }, - { - "name" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp" - }, - { - "name" : "20050302 License Patches Are Now Available To Address Buffer Overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110979326828704&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050302 License Patches Are Now Available To Address Buffer Overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110979326828704&w=2" + }, + { + "name": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp" + }, + { + "name": "20050302 Computer Associates License Client PUTOLF Directory Traversal", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=212&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2101.json b/2005/2xxx/CVE-2005-2101.json index 201b355590c..f60bc239c88 100644 --- a/2005/2xxx/CVE-2005-2101.json +++ b/2005/2xxx/CVE-2005-2101.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-2101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kde.org/info/security/advisory-20050815-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20050815-1.txt" - }, - { - "name" : "DSA-818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-818" - }, - { - "name" : "MDKSA-2005:159", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:159" - }, - { - "name" : "14561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14561" - }, - { - "name" : "1014675", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014675" - }, - { - "name" : "16428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14561" + }, + { + "name": "http://www.kde.org/info/security/advisory-20050815-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20050815-1.txt" + }, + { + "name": "DSA-818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-818" + }, + { + "name": "16428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16428" + }, + { + "name": "MDKSA-2005:159", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:159" + }, + { + "name": "1014675", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014675" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2474.json b/2005/2xxx/CVE-2005-2474.json index 969f9660626..e1a807b79b7 100644 --- a/2005/2xxx/CVE-2005-2474.json +++ b/2005/2xxx/CVE-2005-2474.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050801 ChurchInfo Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112291550713546&w=2" - }, - { - "name" : "18429", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18429" - }, - { - "name" : "18430", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18430" - }, - { - "name" : "18431", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18431" - }, - { - "name" : "18432", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18432" - }, - { - "name" : "18433", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18433" - }, - { - "name" : "18434", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18434" - }, - { - "name" : "18435", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18435" - }, - { - "name" : "18436", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18436" - }, - { - "name" : "18437", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18437" - }, - { - "name" : "18438", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18438" - }, - { - "name" : "18439", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18439" - }, - { - "name" : "18450", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18450" - }, - { - "name" : "18425", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18425" - }, - { - "name" : "18426", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18426" - }, - { - "name" : "1014617", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014617" - }, - { - "name" : "16292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16292" - }, - { - "name" : "churchinfo-path-disclosure(21648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18430", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18430" + }, + { + "name": "18450", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18450" + }, + { + "name": "18432", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18432" + }, + { + "name": "18435", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18435" + }, + { + "name": "20050801 ChurchInfo Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112291550713546&w=2" + }, + { + "name": "18425", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18425" + }, + { + "name": "churchinfo-path-disclosure(21648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21648" + }, + { + "name": "18426", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18426" + }, + { + "name": "1014617", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014617" + }, + { + "name": "18439", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18439" + }, + { + "name": "18437", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18437" + }, + { + "name": "18429", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18429" + }, + { + "name": "18431", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18431" + }, + { + "name": "18433", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18433" + }, + { + "name": "18438", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18438" + }, + { + "name": "18436", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18436" + }, + { + "name": "18434", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18434" + }, + { + "name": "16292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16292" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2653.json b/2005/2xxx/CVE-2005-2653.json index 90e445c576b..e401fd9e18e 100644 --- a/2005/2xxx/CVE-2005-2653.json +++ b/2005/2xxx/CVE-2005-2653.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050818 BBCaffe 2.0 cross site scripting poc", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/408503" - }, - { - "name" : "http://rgod.altervista.org/bbcaffe.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/bbcaffe.html" - }, - { - "name" : "14602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14602" - }, - { - "name" : "1014733", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014733" - }, - { - "name" : "16503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16503" - }, - { - "name" : "bbcaffe-xss(21913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14602" + }, + { + "name": "bbcaffe-xss(21913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21913" + }, + { + "name": "1014733", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014733" + }, + { + "name": "http://rgod.altervista.org/bbcaffe.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/bbcaffe.html" + }, + { + "name": "16503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16503" + }, + { + "name": "20050818 BBCaffe 2.0 cross site scripting poc", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/408503" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3013.json b/2005/3xxx/CVE-2005-3013.json index 6cbc547c9a5..2bdddd60d96 100644 --- a/2005/3xxx/CVE-2005-3013.json +++ b/2005/3xxx/CVE-2005-3013.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SR:2005:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_22_sr.html" - }, - { - "name" : "14861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14861" - }, - { - "name" : "suse-yast-loc-bo(24323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "suse-yast-loc-bo(24323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24323" + }, + { + "name": "SUSE-SR:2005:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html" + }, + { + "name": "14861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14861" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3098.json b/2005/3xxx/CVE-2005-3098.json index 71f2b9241f3..021789f6401 100644 --- a/2005/3xxx/CVE-2005-3098.json +++ b/2005/3xxx/CVE-2005-3098.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050924 It's time for some warez - Qpopper poppassd local r00t exploit", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Sep/0652.html" - }, - { - "name" : "14944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14944" - }, - { - "name" : "ADV-2005-1844", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1844" - }, - { - "name" : "16935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14944" + }, + { + "name": "16935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16935" + }, + { + "name": "ADV-2005-1844", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1844" + }, + { + "name": "20050924 It's time for some warez - Qpopper poppassd local r00t exploit", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Sep/0652.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3100.json b/2005/3xxx/CVE-2005-3100.json index 4faccf789c1..e8aa1473128 100644 --- a/2005/3xxx/CVE-2005-3100.json +++ b/2005/3xxx/CVE-2005-3100.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289", - "refsource" : "CONFIRM", - "url" : "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289" - }, - { - "name" : "14950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14950" - }, - { - "name" : "20971", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20971" - }, - { - "name" : "16967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14950" + }, + { + "name": "20971", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20971" + }, + { + "name": "16967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16967" + }, + { + "name": "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289", + "refsource": "CONFIRM", + "url": "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3223.json b/2005/3xxx/CVE-2005-3223.json index 05a245d5442..de338a5a7b9 100644 --- a/2005/3xxx/CVE-2005-3223.json +++ b/2005/3xxx/CVE-2005-3223.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051007 Antivirus detection bypass by special crafted archive.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" - }, - { - "name" : "http://shadock.net/secubox/AVCraftedArchive.html", - "refsource" : "MISC", - "url" : "http://shadock.net/secubox/AVCraftedArchive.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://shadock.net/secubox/AVCraftedArchive.html", + "refsource": "MISC", + "url": "http://shadock.net/secubox/AVCraftedArchive.html" + }, + { + "name": "20051007 Antivirus detection bypass by special crafted archive.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3725.json b/2005/3xxx/CVE-2005-3725.json index 2d48d3671e4..7a15915c8d3 100644 --- a/2005/3xxx/CVE-2005-3725.json +++ b/2005/3xxx/CVE-2005-3725.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113217443126673&w=2" - }, - { - "name" : "15478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15478" + }, + { + "name": "20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113217443126673&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3905.json b/2005/3xxx/CVE-2005-3905.json index 3e219edca81..fadeb89b709 100644 --- a/2005/3xxx/CVE-2005-3905.json +++ b/2005/3xxx/CVE-2005-3905.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the \"first issue\" identified in SUNALERT:102003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-11-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html" - }, - { - "name" : "GLSA-200601-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml" - }, - { - "name" : "102003", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628" - }, - { - "name" : "VU#974188", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/974188" - }, - { - "name" : "15615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15615" - }, - { - "name" : "ADV-2005-2636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2636" - }, - { - "name" : "ADV-2005-2946", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2946" - }, - { - "name" : "ADV-2005-2675", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2675" - }, - { - "name" : "1015280", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015280" - }, - { - "name" : "17748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17748" - }, - { - "name" : "18092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18092" - }, - { - "name" : "17847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17847" - }, - { - "name" : "18503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18503" - }, - { - "name" : "18435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18435" - }, - { - "name" : "sun-reflection-api-elevate-privileges(23251)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the \"first issue\" identified in SUNALERT:102003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17847" + }, + { + "name": "18503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18503" + }, + { + "name": "18435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18435" + }, + { + "name": "15615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15615" + }, + { + "name": "102003", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1" + }, + { + "name": "ADV-2005-2946", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2946" + }, + { + "name": "ADV-2005-2675", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2675" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628" + }, + { + "name": "ADV-2005-2636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2636" + }, + { + "name": "GLSA-200601-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml" + }, + { + "name": "VU#974188", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/974188" + }, + { + "name": "1015280", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015280" + }, + { + "name": "APPLE-SA-2005-11-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html" + }, + { + "name": "sun-reflection-api-elevate-privileges(23251)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251" + }, + { + "name": "17748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17748" + }, + { + "name": "18092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18092" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4153.json b/2005/4xxx/CVE-2005-4153.json index 333ac9122f3..06c88fec713 100644 --- a/2005/4xxx/CVE-2005-4153.json +++ b/2005/4xxx/CVE-2005-4153.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to \"fail with an Overflow on bad date data in a processed message,\" a different vulnerability than CVE-2005-3573." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-955", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-955" - }, - { - "name" : "MDKSA-2005:222", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" - }, - { - "name" : "RHSA-2006:0204", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0204.html" - }, - { - "name" : "20060401-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" - }, - { - "name" : "2006-0012", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0012/" - }, - { - "name" : "USN-242-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-242-1" - }, - { - "name" : "16248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16248" - }, - { - "name" : "21723", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21723" - }, - { - "name" : "oval:org.mitre.oval:def:10660", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" - }, - { - "name" : "18612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18612" - }, - { - "name" : "19167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19167" - }, - { - "name" : "19196", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19196" - }, - { - "name" : "18449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18449" - }, - { - "name" : "18456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18456" - }, - { - "name" : "19532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19532" - }, - { - "name" : "mailman-utf8-scrubber-dos(23139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to \"fail with an Overflow on bad date data in a processed message,\" a different vulnerability than CVE-2005-3573." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19167" + }, + { + "name": "USN-242-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-242-1" + }, + { + "name": "16248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16248" + }, + { + "name": "20060401-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" + }, + { + "name": "2006-0012", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0012/" + }, + { + "name": "RHSA-2006:0204", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" + }, + { + "name": "oval:org.mitre.oval:def:10660", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" + }, + { + "name": "mailman-utf8-scrubber-dos(23139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" + }, + { + "name": "18456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18456" + }, + { + "name": "19532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19532" + }, + { + "name": "MDKSA-2005:222", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" + }, + { + "name": "18449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18449" + }, + { + "name": "18612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18612" + }, + { + "name": "21723", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21723" + }, + { + "name": "19196", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19196" + }, + { + "name": "DSA-955", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-955" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4238.json b/2005/4xxx/CVE-2005-4238.json index 652a3ca13a8..3d59d915294 100644 --- a/2005/4xxx/CVE-2005-4238.json +++ b/2005/4xxx/CVE-2005-4238.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" - }, - { - "name" : "DSA-944", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-944" - }, - { - "name" : "15842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15842" - }, - { - "name" : "ADV-2005-2874", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2874" - }, - { - "name" : "18018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18018" - }, - { - "name" : "18481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18481" + }, + { + "name": "15842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15842" + }, + { + "name": "ADV-2005-2874", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2874" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" + }, + { + "name": "DSA-944", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-944" + }, + { + "name": "18018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18018" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4809.json b/2005/4xxx/CVE-2005-4809.json index 17635411240..2a1ccc764c7 100644 --- a/2005/4xxx/CVE-2005-4809.json +++ b/2005/4xxx/CVE-2005-4809.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050313 Firefox 1.01 : spoofing status bar without using JavaScript", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=111073068631287&w=2" - }, - { - "name" : "12798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12798" - }, - { - "name" : "ADV-2005-0260", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0260" - }, - { - "name" : "14885", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14885" - }, - { - "name" : "1013423", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013423" - }, - { - "name" : "14568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14568" - }, - { - "name" : "mozilla-save-link-as-dialog-spoofing(19540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mozilla-save-link-as-dialog-spoofing(19540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540" + }, + { + "name": "14568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14568" + }, + { + "name": "12798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12798" + }, + { + "name": "1013423", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013423" + }, + { + "name": "14885", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14885" + }, + { + "name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=111073068631287&w=2" + }, + { + "name": "ADV-2005-0260", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0260" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0071.json b/2009/0xxx/CVE-2009-0071.json index 7fd82e6f62f..dc6c9a298d2 100644 --- a/2009/0xxx/CVE-2009-0071.json +++ b/2009/0xxx/CVE-2009-0071.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html" - }, - { - "name" : "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html" - }, - { - "name" : "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html" - }, - { - "name" : "8091", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8091" - }, - { - "name" : "8219", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8219" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=456727", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=456727" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472507", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472507" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=448329", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=448329" - }, - { - "name" : "33154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8219", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8219" + }, + { + "name": "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329" + }, + { + "name": "8091", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8091" + }, + { + "name": "33154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33154" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507" + }, + { + "name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html" + }, + { + "name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0598.json b/2009/0xxx/CVE-2009-0598.json index f882d6d3509..174c3d42180 100644 --- a/2009/0xxx/CVE-2009-0598.json +++ b/2009/0xxx/CVE-2009-0598.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7660", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7660" - }, - { - "name" : "33105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33105" - }, - { - "name" : "33332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33332" + }, + { + "name": "7660", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7660" + }, + { + "name": "33105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33105" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0917.json b/2009/0xxx/CVE-2009-0917.json index b02b1041199..12a7e3116e6 100644 --- a/2009/0xxx/CVE-2009-0917.json +++ b/2009/0xxx/CVE-2009-0917.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ptk.dflabs.com/faq.html", - "refsource" : "MISC", - "url" : "http://ptk.dflabs.com/faq.html" - }, - { - "name" : "http://ptk.dflabs.com/security.html", - "refsource" : "MISC", - "url" : "http://ptk.dflabs.com/security.html" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ" - }, - { - "name" : "VU#845747", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/845747" - }, - { - "name" : "34111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34111" - }, - { - "name" : "34257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34257" - }, - { - "name" : "ptk-unspecified-xss(49236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ptk.dflabs.com/security.html", + "refsource": "MISC", + "url": "http://ptk.dflabs.com/security.html" + }, + { + "name": "34257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34257" + }, + { + "name": "VU#845747", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/845747" + }, + { + "name": "34111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34111" + }, + { + "name": "ptk-unspecified-xss(49236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236" + }, + { + "name": "http://ptk.dflabs.com/faq.html", + "refsource": "MISC", + "url": "http://ptk.dflabs.com/faq.html" + }, + { + "name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0959.json b/2009/0xxx/CVE-2009-0959.json index 78ff13e3612..a731ac56bf1 100644 --- a/2009/0xxx/CVE-2009-0959.json +++ b/2009/0xxx/CVE-2009-0959.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an \"input validation issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3639", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3639" - }, - { - "name" : "APPLE-SA-2009-06-17-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" - }, - { - "name" : "35414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35414" - }, - { - "name" : "35433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35433" - }, - { - "name" : "55237", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55237" - }, - { - "name" : "ADV-2009-1621", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1621" - }, - { - "name" : "ipod-iphone-mpeg4-dos(51211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an \"input validation issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55237", + "refsource": "OSVDB", + "url": "http://osvdb.org/55237" + }, + { + "name": "http://support.apple.com/kb/HT3639", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3639" + }, + { + "name": "ADV-2009-1621", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1621" + }, + { + "name": "35414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35414" + }, + { + "name": "ipod-iphone-mpeg4-dos(51211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211" + }, + { + "name": "APPLE-SA-2009-06-17-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" + }, + { + "name": "35433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35433" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2177.json b/2009/2xxx/CVE-2009-2177.json index 69a85973727..ddc99e25461 100644 --- a/2009/2xxx/CVE-2009-2177.json +++ b/2009/2xxx/CVE-2009-2177.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a \"....//\" (dot dot) in the s parameter, which is collapsed into a \"../\" value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8978", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8978" - }, - { - "name" : "35418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35418" - }, - { - "name" : "55184", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/55184" - }, - { - "name" : "35489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35489" - }, - { - "name" : "fuzzylimecms-display-file-overwrite(51206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a \"....//\" (dot dot) in the s parameter, which is collapsed into a \"../\" value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35418" + }, + { + "name": "fuzzylimecms-display-file-overwrite(51206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51206" + }, + { + "name": "8978", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8978" + }, + { + "name": "55184", + "refsource": "OSVDB", + "url": "http://osvdb.org/55184" + }, + { + "name": "35489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35489" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2195.json b/2009/2xxx/CVE-2009-2195.json index f041714c542..b7554fa8209 100644 --- a/2009/2xxx/CVE-2009-2195.json +++ b/2009/2xxx/CVE-2009-2195.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3733", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3733" - }, - { - "name" : "http://support.apple.com/kb/HT4225", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4225" - }, - { - "name" : "APPLE-SA-2009-08-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html" - }, - { - "name" : "APPLE-SA-2010-06-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "36023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36023" - }, - { - "name" : "1022717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022717" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "APPLE-SA-2009-08-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "http://support.apple.com/kb/HT4225", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4225" + }, + { + "name": "36023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36023" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "1022717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022717" + }, + { + "name": "APPLE-SA-2010-06-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT3733", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3733" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2452.json b/2009/2xxx/CVE-2009-2452.json index c368bbb1434..e66b512c208 100644 --- a/2009/2xxx/CVE-2009-2452.json +++ b/2009/2xxx/CVE-2009-2452.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to \"underlying components of the License Management Console.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX120742", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX120742" - }, - { - "name" : "34759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34759" - }, - { - "name" : "34937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to \"underlying components of the License Management Console.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/article/CTX120742", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX120742" + }, + { + "name": "34937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34937" + }, + { + "name": "34759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34759" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2577.json b/2009/2xxx/CVE-2009-2577.json index b04821abb4e..8fd07ff3d46 100644 --- a/2009/2xxx/CVE-2009-2577.json +++ b/2009/2xxx/CVE-2009-2577.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/505092/100/0/threaded" - }, - { - "name" : "http://websecurity.com.ua/3338/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/3338/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://websecurity.com.ua/3338/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/3338/" + }, + { + "name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3077.json b/2009/3xxx/CVE-2009-3077.json index f2aac7b5eb7..276357ff9b0 100644 --- a/2009/3xxx/CVE-2009-3077.json +++ b/2009/3xxx/CVE-2009-3077.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a \"dangling pointer vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=506871", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=506871" - }, - { - "name" : "DSA-1885", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1885" - }, - { - "name" : "RHSA-2009:1430", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1430.html" - }, - { - "name" : "RHSA-2009:1431", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1431.html" - }, - { - "name" : "RHSA-2009:1432", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1432.html" - }, - { - "name" : "RHSA-2010:0153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html" - }, - { - "name" : "RHSA-2010:0154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "SUSE-SA:2009:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" - }, - { - "name" : "USN-915-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-915-1" - }, - { - "name" : "36343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36343" - }, - { - "name" : "oval:org.mitre.oval:def:10730", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730" - }, - { - "name" : "oval:org.mitre.oval:def:5606", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606" - }, - { - "name" : "36671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36671" - }, - { - "name" : "39001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39001" - }, - { - "name" : "38977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38977" - }, - { - "name" : "37098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37098" - }, - { - "name" : "36669", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36669" - }, - { - "name" : "36670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36670" - }, - { - "name" : "36692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36692" - }, - { - "name" : "ADV-2010-0650", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a \"dangling pointer vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1885", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1885" + }, + { + "name": "RHSA-2010:0153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" + }, + { + "name": "36343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36343" + }, + { + "name": "39001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39001" + }, + { + "name": "SUSE-SA:2009:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" + }, + { + "name": "oval:org.mitre.oval:def:10730", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730" + }, + { + "name": "RHSA-2009:1430", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1430.html" + }, + { + "name": "ADV-2010-0650", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0650" + }, + { + "name": "oval:org.mitre.oval:def:5606", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606" + }, + { + "name": "36692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36692" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "36670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36670" + }, + { + "name": "36671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36671" + }, + { + "name": "38977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38977" + }, + { + "name": "36669", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36669" + }, + { + "name": "RHSA-2010:0154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" + }, + { + "name": "RHSA-2009:1432", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=506871", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=506871" + }, + { + "name": "37098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37098" + }, + { + "name": "USN-915-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-915-1" + }, + { + "name": "RHSA-2009:1431", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1431.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3228.json b/2009/3xxx/CVE-2009-3228.json index 5e829d20c21..5837c0c9279 100644 --- a/2009/3xxx/CVE-2009-3228.json +++ b/2009/3xxx/CVE-2009-3228.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090903 CVE request: kernel: tc: uninitialised kernel memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/03/1" - }, - { - "name" : "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/05/2" - }, - { - "name" : "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/06/2" - }, - { - "name" : "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/07/2" - }, - { - "name" : "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/17/1" - }, - { - "name" : "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/09/17/9" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b" - }, - { - "name" : "http://patchwork.ozlabs.org/patch/32830/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.ozlabs.org/patch/32830/" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=520990", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=520990" - }, - { - "name" : "MDVSA-2010:198", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" - }, - { - "name" : "RHSA-2009:1540", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html" - }, - { - "name" : "RHSA-2009:1548", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1548.html" - }, - { - "name" : "RHSA-2009:1522", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1522.html" - }, - { - "name" : "USN-864-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-864-1" - }, - { - "name" : "oval:org.mitre.oval:def:6757", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757" - }, - { - "name" : "oval:org.mitre.oval:def:9409", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409" - }, - { - "name" : "1023073", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023073" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38834" - }, - { - "name" : "37084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37084" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/17/9" + }, + { + "name": "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/17/1" + }, + { + "name": "RHSA-2009:1540", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html" + }, + { + "name": "USN-864-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-864-1" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "MDVSA-2010:198", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" + }, + { + "name": "[oss-security] 20090903 CVE request: kernel: tc: uninitialised kernel memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/03/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=520990", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520990" + }, + { + "name": "37084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37084" + }, + { + "name": "RHSA-2009:1522", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6" + }, + { + "name": "oval:org.mitre.oval:def:9409", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a" + }, + { + "name": "RHSA-2009:1548", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b" + }, + { + "name": "38834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38834" + }, + { + "name": "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/06/2" + }, + { + "name": "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/07/2" + }, + { + "name": "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/09/05/2" + }, + { + "name": "1023073", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023073" + }, + { + "name": "http://patchwork.ozlabs.org/patch/32830/", + "refsource": "CONFIRM", + "url": "http://patchwork.ozlabs.org/patch/32830/" + }, + { + "name": "oval:org.mitre.oval:def:6757", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3617.json b/2009/3xxx/CVE-2009-3617.json index cc97eaccf81..04383628dfa 100644 --- a/2009/3xxx/CVE-2009-3617.json +++ b/2009/3xxx/CVE-2009-3617.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-3617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091016 CVE Request - aria2 - 1.6.2", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125568632528906&w=2" - }, - { - "name" : "[oss-security] 20091016 Re: CVE Request - aria2 - 1.6.2", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=125572053420493&w=2" - }, - { - "name" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586", - "refsource" : "CONFIRM", - "url" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586" - }, - { - "name" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572", - "refsource" : "CONFIRM", - "url" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=529342", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=529342" - }, - { - "name" : "https://fedorahosted.org/rel-eng/ticket/2495", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/rel-eng/ticket/2495" - }, - { - "name" : "59087", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/59087" - }, - { - "name" : "31732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31732" - }, - { - "name" : "ADV-2009-2960", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2960" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fedorahosted.org/rel-eng/ticket/2495", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/rel-eng/ticket/2495" + }, + { + "name": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572", + "refsource": "CONFIRM", + "url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572" + }, + { + "name": "ADV-2009-2960", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2960" + }, + { + "name": "[oss-security] 20091016 CVE Request - aria2 - 1.6.2", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125568632528906&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=529342", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529342" + }, + { + "name": "31732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31732" + }, + { + "name": "59087", + "refsource": "OSVDB", + "url": "http://osvdb.org/59087" + }, + { + "name": "[oss-security] 20091016 Re: CVE Request - aria2 - 1.6.2", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=125572053420493&w=2" + }, + { + "name": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586", + "refsource": "CONFIRM", + "url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3865.json b/2009/3xxx/CVE-2009-3865.json index 51aadfb5610..b426343ddb2 100644 --- a/2009/3xxx/CVE-2009-3865.json +++ b/2009/3xxx/CVE-2009-3865.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://java.sun.com/javase/6/webnotes/6u17.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u17.html" - }, - { - "name" : "http://support.apple.com/kb/HT3969", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3969" - }, - { - "name" : "http://support.apple.com/kb/HT3970", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3970" - }, - { - "name" : "APPLE-SA-2009-12-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-12-03-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2009:1694", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1694.html" - }, - { - "name" : "269869", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1" - }, - { - "name" : "SUSE-SA:2009:058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" - }, - { - "name" : "36881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36881" - }, - { - "name" : "oval:org.mitre.oval:def:7562", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562" - }, - { - "name" : "1023244", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023244" - }, - { - "name" : "37231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37231" - }, - { - "name" : "37239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37239" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37581" - }, - { - "name" : "37841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37841" - }, - { - "name" : "ADV-2009-3131", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36881" + }, + { + "name": "http://support.apple.com/kb/HT3970", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3970" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "http://support.apple.com/kb/HT3969", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3969" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "RHSA-2009:1694", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html" + }, + { + "name": "APPLE-SA-2009-12-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" + }, + { + "name": "37231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37231" + }, + { + "name": "oval:org.mitre.oval:def:7562", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562" + }, + { + "name": "SUSE-SA:2009:058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" + }, + { + "name": "ADV-2009-3131", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3131" + }, + { + "name": "APPLE-SA-2009-12-03-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" + }, + { + "name": "37581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37581" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u17.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u17.html" + }, + { + "name": "37841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37841" + }, + { + "name": "269869", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1" + }, + { + "name": "37239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37239" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "1023244", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023244" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3874.json b/2009/3xxx/CVE-2009-3874.json index d63d3aa98b9..912eaff3fc8 100644 --- a/2009/3xxx/CVE-2009-3874.json +++ b/2009/3xxx/CVE-2009-3874.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-09-080/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-09-080/" - }, - { - "name" : "http://java.sun.com/javase/6/webnotes/6u17.html", - "refsource" : "CONFIRM", - "url" : "http://java.sun.com/javase/6/webnotes/6u17.html" - }, - { - "name" : "http://support.apple.com/kb/HT3969", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3969" - }, - { - "name" : "http://support.apple.com/kb/HT3970", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3970" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" - }, - { - "name" : "APPLE-SA-2009-12-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2009-12-03-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBMU02703", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131593453929393&w=2" - }, - { - "name" : "SSRT100242", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131593453929393&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "HPSBUX02503", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126566824131534&w=2" - }, - { - "name" : "SSRT100019", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126566824131534&w=2" - }, - { - "name" : "MDVSA-2010:084", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" - }, - { - "name" : "RHSA-2009:1694", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1694.html" - }, - { - "name" : "270474", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1" - }, - { - "name" : "SUSE-SA:2009:058", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" - }, - { - "name" : "36881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36881" - }, - { - "name" : "oval:org.mitre.oval:def:11566", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566" - }, - { - "name" : "oval:org.mitre.oval:def:7442", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442" - }, - { - "name" : "oval:org.mitre.oval:def:8603", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603" - }, - { - "name" : "oval:org.mitre.oval:def:12057", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057" - }, - { - "name" : "1023132", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1023132" - }, - { - "name" : "37231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37231" - }, - { - "name" : "37239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37239" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "37581", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37581" - }, - { - "name" : "37841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37841" - }, - { - "name" : "ADV-2009-3131", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02503", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126566824131534&w=2" + }, + { + "name": "36881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36881" + }, + { + "name": "http://support.apple.com/kb/HT3970", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3970" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "http://support.apple.com/kb/HT3969", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3969" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-09-080/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-09-080/" + }, + { + "name": "HPSBMU02703", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131593453929393&w=2" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "RHSA-2009:1694", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html" + }, + { + "name": "oval:org.mitre.oval:def:8603", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603" + }, + { + "name": "APPLE-SA-2009-12-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" + }, + { + "name": "37231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37231" + }, + { + "name": "SSRT100019", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126566824131534&w=2" + }, + { + "name": "1023132", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1023132" + }, + { + "name": "SSRT100242", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131593453929393&w=2" + }, + { + "name": "SUSE-SA:2009:058", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" + }, + { + "name": "270474", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1" + }, + { + "name": "ADV-2009-3131", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3131" + }, + { + "name": "APPLE-SA-2009-12-03-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:11566", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566" + }, + { + "name": "oval:org.mitre.oval:def:12057", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057" + }, + { + "name": "37581", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37581" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" + }, + { + "name": "http://java.sun.com/javase/6/webnotes/6u17.html", + "refsource": "CONFIRM", + "url": "http://java.sun.com/javase/6/webnotes/6u17.html" + }, + { + "name": "37841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37841" + }, + { + "name": "oval:org.mitre.oval:def:7442", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442" + }, + { + "name": "37239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37239" + }, + { + "name": "MDVSA-2010:084", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4054.json b/2009/4xxx/CVE-2009-4054.json index 99e1ff8f2aa..f150f5923f7 100644 --- a/2009/4xxx/CVE-2009-4054.json +++ b/2009/4xxx/CVE-2009-4054.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4054", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3672. Reason: This candidate is a duplicate of CVE-2009-3672. The duplicate was assigned by the CNA without proper coordination with MITRE. Notes: All CVE users should reference CVE-2009-3672 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-4054", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3672. Reason: This candidate is a duplicate of CVE-2009-3672. The duplicate was assigned by the CNA without proper coordination with MITRE. Notes: All CVE users should reference CVE-2009-3672 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4069.json b/2009/4xxx/CVE-2009-4069.json index c1cc29c4f32..84a5e6a07ae 100644 --- a/2009/4xxx/CVE-2009-4069.json +++ b/2009/4xxx/CVE-2009-4069.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1818" - }, - { - "name" : "35424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35424" - }, - { - "name" : "35458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1818" + }, + { + "name": "35458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35458" + }, + { + "name": "35424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35424" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4103.json b/2009/4xxx/CVE-2009-4103.json index bd93d7a7bff..1605434237b 100644 --- a/2009/4xxx/CVE-2009-4103.json +++ b/2009/4xxx/CVE-2009-4103.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37143" - }, - { - "name" : "60513", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60513" - }, - { - "name" : "37452", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37452", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37452" + }, + { + "name": "60513", + "refsource": "OSVDB", + "url": "http://osvdb.org/60513" + }, + { + "name": "37143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37143" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4564.json b/2009/4xxx/CVE-2009-4564.json index 82cba4e651d..9a62965c84f 100644 --- a/2009/4xxx/CVE-2009-4564.json +++ b/2009/4xxx/CVE-2009-4564.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9154", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9154", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9154" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2280.json b/2012/2xxx/CVE-2012-2280.json index f799ececf82..ed03838dfa4 100644 --- a/2012/2xxx/CVE-2012-2280.json +++ b/2012/2xxx/CVE-2012-2280.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a \"Cross frame scripting vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-2280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120711 ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a \"Cross frame scripting vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120711 ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2530.json b/2012/2xxx/CVE-2012-2530.json index d5598170b3e..1b9d03ee82f 100644 --- a/2012/2xxx/CVE-2012-2530.json +++ b/2012/2xxx/CVE-2012-2530.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-2530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-075", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15936", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15936" - }, - { - "name" : "1027750", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027750" - }, - { - "name" : "51239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "1027750", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027750" + }, + { + "name": "oval:org.mitre.oval:def:15936", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15936" + }, + { + "name": "MS12-075", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075" + }, + { + "name": "51239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51239" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2666.json b/2012/2xxx/CVE-2012-2666.json index d70ad968be6..0e477fb39ab 100644 --- a/2012/2xxx/CVE-2012-2666.json +++ b/2012/2xxx/CVE-2012-2666.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2666", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2897.json b/2012/2xxx/CVE-2012-2897.json index 0f2d2faf9bd..def092ee25f 100644 --- a/2012/2xxx/CVE-2012-2897.json +++ b/2012/2xxx/CVE-2012-2897.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka \"Windows Font Parsing Vulnerability\" or \"TrueType Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=146254", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=146254" - }, - { - "name" : "MS12-075", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15847", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847" - }, - { - "name" : "1027750", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027750" - }, - { - "name" : "51239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51239" - }, - { - "name" : "google-chrome-cve20122897(78822)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka \"Windows Font Parsing Vulnerability\" or \"TrueType Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-cve20122897(78822)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78822" + }, + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "oval:org.mitre.oval:def:15847", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847" + }, + { + "name": "1027750", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027750" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=146254", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=146254" + }, + { + "name": "MS12-075", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075" + }, + { + "name": "51239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51239" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0500.json b/2015/0xxx/CVE-2015-0500.json index 5ba298e7fcb..70b00827d22 100644 --- a/2015/0xxx/CVE-2015-0500.json +++ b/2015/0xxx/CVE-2015-0500.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "GLSA-201507-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-19" - }, - { - "name" : "SUSE-SU-2015:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" - }, - { - "name" : "74081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74081" - }, - { - "name" : "1032121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201507-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-19" + }, + { + "name": "1032121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032121" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "74081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74081" + }, + { + "name": "SUSE-SU-2015:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0646.json b/2015/0xxx/CVE-2015-0646.json index 9fe79dfd398..4c5278e5f86 100644 --- a/2015/0xxx/CVE-2015-0646.json +++ b/2015/0xxx/CVE-2015-0646.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2015-0646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150325 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak" - }, - { - "name" : "73340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73340" - }, - { - "name" : "1031980", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150325 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak" + }, + { + "name": "73340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73340" + }, + { + "name": "1031980", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031980" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0908.json b/2015/0xxx/CVE-2015-0908.json index 085945e360b..4de100fd4ed 100644 --- a/2015/0xxx/CVE-2015-0908.json +++ b/2015/0xxx/CVE-2015-0908.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0908", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0908", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1315.json b/2015/1xxx/CVE-2015-1315.json index 70291eeccf7..16d7db450a3 100644 --- a/2015/1xxx/CVE-2015-1315.json +++ b/2015/1xxx/CVE-2015-1315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2015-1315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150217 CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/17/4" - }, - { - "name" : "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt", - "refsource" : "MISC", - "url" : "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120" - }, - { - "name" : "USN-2502-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2502-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120" + }, + { + "name": "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt", + "refsource": "MISC", + "url": "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt" + }, + { + "name": "[oss-security] 20150217 CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/17/4" + }, + { + "name": "USN-2502-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2502-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1569.json b/2015/1xxx/CVE-2015-1569.json index abc6e050821..0254735a18c 100644 --- a/2015/1xxx/CVE-2015-1569.json +++ b/2015/1xxx/CVE-2015-1569.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150129 Fortinet FortiClient Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/124" - }, - { - "name" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf", - "refsource" : "MISC", - "url" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf", + "refsource": "MISC", + "url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf" + }, + { + "name": "20150129 Fortinet FortiClient Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/124" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1675.json b/2015/1xxx/CVE-2015-1675.json index 60a42430aff..8947c9553b5 100644 --- a/2015/1xxx/CVE-2015-1675.json +++ b/2015/1xxx/CVE-2015-1675.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" - }, - { - "name" : "1032280", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032280", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032280" + }, + { + "name": "MS15-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1825.json b/2015/1xxx/CVE-2015-1825.json index 892da00a993..41ccad1a0b5 100644 --- a/2015/1xxx/CVE-2015-1825.json +++ b/2015/1xxx/CVE-2015-1825.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1825", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1825", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1914.json b/2015/1xxx/CVE-2015-1914.json index 8b35620ec84..5e8a84f6b53 100644 --- a/2015/1xxx/CVE-2015-1914.json +++ b/2015/1xxx/CVE-2015-1914.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass \"permission checks\" and obtain sensitive information via vectors related to the Java Virtual Machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-1914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" - }, - { - "name" : "IV72245", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72245" - }, - { - "name" : "IV72246", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72246" - }, - { - "name" : "RHSA-2015:1006", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html" - }, - { - "name" : "RHSA-2015:1007", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html" - }, - { - "name" : "RHSA-2015:1020", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html" - }, - { - "name" : "RHSA-2015:1021", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1021.html" - }, - { - "name" : "RHSA-2015:1091", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html" - }, - { - "name" : "SUSE-SU-2015:1085", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" - }, - { - "name" : "SUSE-SU-2015:1086", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" - }, - { - "name" : "SUSE-SU-2015:1138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" - }, - { - "name" : "SUSE-SU-2015:1161", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" - }, - { - "name" : "SUSE-SU-2015:1073", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html" - }, - { - "name" : "74645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass \"permission checks\" and obtain sensitive information via vectors related to the Java Virtual Machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1007", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html" + }, + { + "name": "IV72245", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72245" + }, + { + "name": "RHSA-2015:1006", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html" + }, + { + "name": "RHSA-2015:1091", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" + }, + { + "name": "SUSE-SU-2015:1138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" + }, + { + "name": "RHSA-2015:1020", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html" + }, + { + "name": "SUSE-SU-2015:1086", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" + }, + { + "name": "74645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74645" + }, + { + "name": "SUSE-SU-2015:1085", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" + }, + { + "name": "RHSA-2015:1021", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html" + }, + { + "name": "SUSE-SU-2015:1073", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html" + }, + { + "name": "SUSE-SU-2015:1161", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" + }, + { + "name": "IV72246", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72246" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5000.json b/2015/5xxx/CVE-2015-5000.json index 1e7ace3f690..24ed3cb2d46 100644 --- a/2015/5xxx/CVE-2015-5000.json +++ b/2015/5xxx/CVE-2015-5000.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5000", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5000", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5593.json b/2015/5xxx/CVE-2015-5593.json index 1d1a81f2321..f358e8c3418 100644 --- a/2015/5xxx/CVE-2015-5593.json +++ b/2015/5xxx/CVE-2015-5593.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5593", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5593", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5673.json b/2015/5xxx/CVE-2015-5673.json index 1974870066b..d51f74079f2 100644 --- a/2015/5xxx/CVE-2015-5673.json +++ b/2015/5xxx/CVE-2015-5673.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a \"gcloud compute\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa", - "refsource" : "CONFIRM", - "url" : "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa" - }, - { - "name" : "https://github.com/isucon/isucon5-qualify/pull/5", - "refsource" : "CONFIRM", - "url" : "https://github.com/isucon/isucon5-qualify/pull/5" - }, - { - "name" : "JVN#04281281", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN04281281/index.html" - }, - { - "name" : "JVNDB-2015-000175", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a \"gcloud compute\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2015-000175", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000175" + }, + { + "name": "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa", + "refsource": "CONFIRM", + "url": "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa" + }, + { + "name": "https://github.com/isucon/isucon5-qualify/pull/5", + "refsource": "CONFIRM", + "url": "https://github.com/isucon/isucon5-qualify/pull/5" + }, + { + "name": "JVN#04281281", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN04281281/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5964.json b/2015/5xxx/CVE-2015-5964.json index 7713e2718e9..4cf15b7e0d0 100644 --- a/2015/5xxx/CVE-2015-5964.json +++ b/2015/5xxx/CVE-2015-5964.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/", - "refsource" : "MISC", - "url" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3338", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3338" - }, - { - "name" : "FEDORA-2015-1dd5bc998f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" - }, - { - "name" : "RHSA-2015:1894", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1894.html" - }, - { - "name" : "RHSA-2015:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1766.html" - }, - { - "name" : "RHSA-2015:1767", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1767.html" - }, - { - "name" : "USN-2720-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2720-1" - }, - { - "name" : "76440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76440" - }, - { - "name" : "1033318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2015-1dd5bc998f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" + }, + { + "name": "RHSA-2015:1894", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html" + }, + { + "name": "DSA-3338", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3338" + }, + { + "name": "1033318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033318" + }, + { + "name": "RHSA-2015:1767", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html" + }, + { + "name": "USN-2720-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2720-1" + }, + { + "name": "RHSA-2015:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html" + }, + { + "name": "76440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76440" + }, + { + "name": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/", + "refsource": "MISC", + "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11312.json b/2018/11xxx/CVE-2018-11312.json index cc08f18dfa3..e811261699e 100644 --- a/2018/11xxx/CVE-2018-11312.json +++ b/2018/11xxx/CVE-2018-11312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3321.json b/2018/3xxx/CVE-2018-3321.json index d7fa3c54024..89e5d66c21e 100644 --- a/2018/3xxx/CVE-2018-3321.json +++ b/2018/3xxx/CVE-2018-3321.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3321", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3321", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3554.json b/2018/3xxx/CVE-2018-3554.json index 8bd0f1dbec8..e36836110a8 100644 --- a/2018/3xxx/CVE-2018-3554.json +++ b/2018/3xxx/CVE-2018-3554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3554", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3554", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3582.json b/2018/3xxx/CVE-2018-3582.json index 7eda9bfd056..564f182d931 100644 --- a/2018/3xxx/CVE-2018-3582.json +++ b/2018/3xxx/CVE-2018-3582.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-3582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-3582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3697.json b/2018/3xxx/CVE-2018-3697.json index 16f6a38e0ca..7a4619d8085 100644 --- a/2018/3xxx/CVE-2018-3697.json +++ b/2018/3xxx/CVE-2018-3697.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2018-3697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Media Server Studio", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 2019 Beta Release" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2018-3697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Media Server Studio", + "version": { + "version_data": [ + { + "version_value": "Versions before 2019 Beta Release" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html" - }, - { - "name" : "106025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html" + }, + { + "name": "106025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106025" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3924.json b/2018/3xxx/CVE-2018-3924.json index a0c037106c1..3f9a7fc5d0b 100644 --- a/2018/3xxx/CVE-2018-3924.json +++ b/2018/3xxx/CVE-2018-3924.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-19T00:00:00", - "ID" : "CVE-2018-3924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit", - "version" : { - "version_data" : [ - { - "version_value" : "Foxit Software Foxit PDF Reader 9.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-19T00:00:00", + "ID": "CVE-2018-3924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588" - }, - { - "name" : "1041353", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041353", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041353" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3991.json b/2018/3xxx/CVE-2018-3991.json index c7bc1088a9a..fafcf1dc37b 100644 --- a/2018/3xxx/CVE-2018-3991.json +++ b/2018/3xxx/CVE-2018-3991.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2018-3991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2018-3991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf" - }, - { - "name" : "107005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659" + }, + { + "name": "107005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107005" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6551.json b/2018/6xxx/CVE-2018-6551.json index 2f002a4787d..ce11a97e825 100644 --- a/2018/6xxx/CVE-2018-6551.json +++ b/2018/6xxx/CVE-2018-6551.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22774" - }, - { - "name" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22774" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6663.json b/2018/6xxx/CVE-2018-6663.json index e6321d11876..9ef1536593b 100644 --- a/2018/6xxx/CVE-2018-6663.json +++ b/2018/6xxx/CVE-2018-6663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6663", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6663", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7233.json b/2018/7xxx/CVE-2018-7233.json index c10c67fa015..25bb883ee8e 100644 --- a/2018/7xxx/CVE-2018-7233.json +++ b/2018/7xxx/CVE-2018-7233.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-03-01T00:00:00", - "ID" : "CVE-2018-7233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pelco Sarix Professional", - "version" : { - "version_data" : [ - { - "version_value" : "all firmware versions prior to 3.29.73" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Execution" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-03-01T00:00:00", + "ID": "CVE-2018-7233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pelco Sarix Professional", + "version": { + "version_data": [ + { + "version_value": "all firmware versions prior to 3.29.73" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7515.json b/2018/7xxx/CVE-2018-7515.json index fe4233296b3..8c82108cee9 100644 --- a/2018/7xxx/CVE-2018-7515.json +++ b/2018/7xxx/CVE-2018-7515.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-24T00:00:00", - "ID" : "CVE-2018-7515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BeaconMedæs TotalAlert Scroll Medical Air Systems web application", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4107600010.23" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNPROTECTED STORAGE OF CREDENTIALS CWE-256" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-24T00:00:00", + "ID": "CVE-2018-7515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BeaconMedæs TotalAlert Scroll Medical Air Systems web application", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4107600010.23" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" - }, - { - "name" : "103394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103394" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7694.json b/2018/7xxx/CVE-2018-7694.json index 0c23bea6a1a..cc2a1c29632 100644 --- a/2018/7xxx/CVE-2018-7694.json +++ b/2018/7xxx/CVE-2018-7694.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7694", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7694", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7772.json b/2018/7xxx/CVE-2018-7772.json index a61ae0142af..6295898a8d5 100644 --- a/2018/7xxx/CVE-2018-7772.json +++ b/2018/7xxx/CVE-2018-7772.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-04-05T00:00:00", - "ID" : "CVE-2018-7772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "U.Motion", - "version" : { - "version_data" : [ - { - "version_value" : "U.motion Builder Software, all versions prior to v1.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-04-05T00:00:00", + "ID": "CVE-2018-7772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "U.Motion", + "version": { + "version_data": [ + { + "version_value": "U.motion Builder Software, all versions prior to v1.3.4" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7848.json b/2018/7xxx/CVE-2018-7848.json index 3c43e3f8b30..416c19b7b36 100644 --- a/2018/7xxx/CVE-2018-7848.json +++ b/2018/7xxx/CVE-2018-7848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8117.json b/2018/8xxx/CVE-2018-8117.json index ae1231cb0a0..9acc66195cc 100644 --- a/2018/8xxx/CVE-2018-8117.json +++ b/2018/8xxx/CVE-2018-8117.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Wireless Keyboard 850", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Wireless Keyboard 850" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Wireless Keyboard 850", + "version": { + "version_data": [ + { + "version_value": "Microsoft Wireless Keyboard 850" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117" - }, - { - "name" : "103711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103711" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8640.json b/2018/8xxx/CVE-2018-8640.json index ea53071fa8c..ea7c50d812a 100644 --- a/2018/8xxx/CVE-2018-8640.json +++ b/2018/8xxx/CVE-2018-8640.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8640", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8640", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8679.json b/2018/8xxx/CVE-2018-8679.json index 03790950fb0..593242b05aa 100644 --- a/2018/8xxx/CVE-2018-8679.json +++ b/2018/8xxx/CVE-2018-8679.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8679", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8679", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file