From c14f1b68f9689b15f232988369f2de2e7719254d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:40:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0698.json | 160 +++++------ 2002/0xxx/CVE-2002-0800.json | 140 +++++----- 2002/2xxx/CVE-2002-2369.json | 150 +++++------ 2005/0xxx/CVE-2005-0013.json | 200 +++++++------- 2005/0xxx/CVE-2005-0406.json | 130 ++++----- 2005/0xxx/CVE-2005-0741.json | 130 ++++----- 2005/0xxx/CVE-2005-0759.json | 170 ++++++------ 2005/0xxx/CVE-2005-0824.json | 130 ++++----- 2005/0xxx/CVE-2005-0882.json | 170 ++++++------ 2005/1xxx/CVE-2005-1772.json | 140 +++++----- 2005/1xxx/CVE-2005-1889.json | 130 ++++----- 2005/4xxx/CVE-2005-4304.json | 150 +++++------ 2005/4xxx/CVE-2005-4489.json | 170 ++++++------ 2009/0xxx/CVE-2009-0026.json | 190 ++++++------- 2009/0xxx/CVE-2009-0277.json | 150 +++++------ 2009/0xxx/CVE-2009-0279.json | 140 +++++----- 2009/0xxx/CVE-2009-0485.json | 170 ++++++------ 2009/1xxx/CVE-2009-1373.json | 360 ++++++++++++------------- 2009/1xxx/CVE-2009-1705.json | 180 ++++++------- 2009/4xxx/CVE-2009-4067.json | 34 +-- 2009/4xxx/CVE-2009-4166.json | 130 ++++----- 2009/4xxx/CVE-2009-4651.json | 130 ++++----- 2009/5xxx/CVE-2009-5075.json | 120 ++++----- 2012/2xxx/CVE-2012-2085.json | 190 ++++++------- 2012/2xxx/CVE-2012-2180.json | 160 +++++------ 2012/2xxx/CVE-2012-2593.json | 34 +-- 2012/2xxx/CVE-2012-2627.json | 130 ++++----- 2012/3xxx/CVE-2012-3127.json | 170 ++++++------ 2012/3xxx/CVE-2012-3385.json | 140 +++++----- 2012/6xxx/CVE-2012-6351.json | 34 +-- 2012/6xxx/CVE-2012-6635.json | 130 ++++----- 2015/5xxx/CVE-2015-5210.json | 130 ++++----- 2015/5xxx/CVE-2015-5448.json | 140 +++++----- 2015/5xxx/CVE-2015-5615.json | 34 +-- 2017/2xxx/CVE-2017-2309.json | 130 ++++----- 2017/2xxx/CVE-2017-2315.json | 194 +++++++------- 2018/11xxx/CVE-2018-11392.json | 150 +++++------ 2018/14xxx/CVE-2018-14433.json | 34 +-- 2018/14xxx/CVE-2018-14463.json | 34 +-- 2018/15xxx/CVE-2018-15093.json | 34 +-- 2018/15xxx/CVE-2018-15571.json | 130 ++++----- 2018/15xxx/CVE-2018-15714.json | 122 ++++----- 2018/15xxx/CVE-2018-15797.json | 186 ++++++------- 2018/15xxx/CVE-2018-15920.json | 140 +++++----- 2018/3xxx/CVE-2018-3133.json | 216 +++++++-------- 2018/3xxx/CVE-2018-3780.json | 130 ++++----- 2018/8xxx/CVE-2018-8196.json | 34 +-- 2018/8xxx/CVE-2018-8511.json | 178 ++++++------- 2018/8xxx/CVE-2018-8596.json | 468 ++++++++++++++++----------------- 2018/8xxx/CVE-2018-8690.json | 34 +-- 2018/8xxx/CVE-2018-8894.json | 120 ++++----- 51 files changed, 3600 insertions(+), 3600 deletions(-) diff --git a/2002/0xxx/CVE-2002-0698.json b/2002/0xxx/CVE-2002-0698.json index dec82032e67..9742d98cd17 100644 --- a/2002/0xxx/CVE-2002-0698.json +++ b/2002/0xxx/CVE-2002-0698.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server", - "refsource" : "ISS", - "url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759" - }, - { - "name" : "Q326322", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q326322" - }, - { - "name" : "MS02-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037" - }, - { - "name" : "exchange-imc-ehlo-bo(9658)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9658.php" - }, - { - "name" : "5306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server", + "refsource": "ISS", + "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759" + }, + { + "name": "MS02-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037" + }, + { + "name": "Q326322", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q326322" + }, + { + "name": "exchange-imc-ehlo-bo(9658)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9658.php" + }, + { + "name": "5306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5306" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0800.json b/2002/0xxx/CVE-2002-0800.json index bb88e795955..40d740ed68f 100644 --- a/2002/0xxx/CVE-2002-0800.json +++ b/2002/0xxx/CVE-2002-0800.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020601 BadBlue Web Server v1.7.0 Directory Contents Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html" - }, - { - "name" : "badblue-directory-contents-disclosure(9239)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9239.php" - }, - { - "name" : "4912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4912" + }, + { + "name": "20020601 BadBlue Web Server v1.7.0 Directory Contents Disclosure", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0003.html" + }, + { + "name": "badblue-directory-contents-disclosure(9239)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9239.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2369.json b/2002/2xxx/CVE-2002-2369.json index cb88987ac35..ea7c07d72c7 100644 --- a/2002/2xxx/CVE-2002-2369.json +++ b/2002/2xxx/CVE-2002-2369.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading \"/./\" in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021024 [SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-10/0372.html" - }, - { - "name" : "http://www.securityoffice.net/articles/liteserve/", - "refsource" : "MISC", - "url" : "http://www.securityoffice.net/articles/liteserve/" - }, - { - "name" : "6042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6042" - }, - { - "name" : "perception-liteserve-file-access(10468)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10468.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading \"/./\" in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityoffice.net/articles/liteserve/", + "refsource": "MISC", + "url": "http://www.securityoffice.net/articles/liteserve/" + }, + { + "name": "6042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6042" + }, + { + "name": "20021024 [SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-10/0372.html" + }, + { + "name": "perception-liteserve-file-access(10468)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10468.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0013.json b/2005/0xxx/CVE-2005-0013.json index 350f068c83c..7dd55112864 100644 --- a/2005/0xxx/CVE-2005-0013.json +++ b/2005/0xxx/CVE-2005-0013.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6", - "refsource" : "CONFIRM", - "url" : "ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6" - }, - { - "name" : "DSA-665", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-665" - }, - { - "name" : "FLSA:152904", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/433927/100/0/threaded" - }, - { - "name" : "GLSA-200501-44", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-44.xml" - }, - { - "name" : "MDKSA-2005:028", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:028" - }, - { - "name" : "RHSA-2005:371", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-371.html" - }, - { - "name" : "12400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12400" - }, - { - "name" : "13297", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13297" - }, - { - "name" : "1013019", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-665", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-665" + }, + { + "name": "13297", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13297" + }, + { + "name": "FLSA:152904", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/433927/100/0/threaded" + }, + { + "name": "ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6", + "refsource": "CONFIRM", + "url": "ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6" + }, + { + "name": "MDKSA-2005:028", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:028" + }, + { + "name": "12400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12400" + }, + { + "name": "1013019", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013019" + }, + { + "name": "GLSA-200501-44", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-44.xml" + }, + { + "name": "RHSA-2005:371", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-371.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0406.json b/2005/0xxx/CVE-2005-0406.json index 9c00fd12979..05a3dfd057f 100644 --- a/2005/0xxx/CVE-2005-0406.json +++ b/2005/0xxx/CVE-2005-0406.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050214 Advisory: JPEG EXIF information disclosure", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt" + }, + { + "name": "20050214 Advisory: JPEG EXIF information disclosure", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0741.json b/2005/0xxx/CVE-2005-0741.json index a16e690f95e..83c31bd1711 100644 --- a/2005/0xxx/CVE-2005-0741.json +++ b/2005/0xxx/CVE-2005-0741.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12756" - }, - { - "name" : "1013420", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013420", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013420" + }, + { + "name": "12756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12756" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0759.json b/2005/0xxx/CVE-2005-0759.json index 928446b819c..5e5d1341e12 100644 --- a/2005/0xxx/CVE-2005-0759.json +++ b/2005/0xxx/CVE-2005-0759.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-702", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-702" - }, - { - "name" : "RHSA-2005:070", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2005-070.html" - }, - { - "name" : "SUSE-SA:2005:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html" - }, - { - "name" : "12875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12875" - }, - { - "name" : "oval:org.mitre.oval:def:11022", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11022" - }, - { - "name" : "1013550", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013550", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013550" + }, + { + "name": "12875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12875" + }, + { + "name": "SUSE-SA:2005:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html" + }, + { + "name": "oval:org.mitre.oval:def:11022", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11022" + }, + { + "name": "RHSA-2005:070", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2005-070.html" + }, + { + "name": "DSA-702", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-702" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0824.json b/2005/0xxx/CVE-2005-0824.json index 7b730fa2f1e..584d5e846f6 100644 --- a/2005/0xxx/CVE-2005-0824.json +++ b/2005/0xxx/CVE-2005-0824.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14524" - }, - { - "name" : "http://www.mail-archive.com/mathopd%40mathopd.org/msg00272.html", - "refsource" : "CONFIRM", - "url" : "http://www.mail-archive.com/mathopd%40mathopd.org/msg00272.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mail-archive.com/mathopd%40mathopd.org/msg00272.html", + "refsource": "CONFIRM", + "url": "http://www.mail-archive.com/mathopd%40mathopd.org/msg00272.html" + }, + { + "name": "14524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14524" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0882.json b/2005/0xxx/CVE-2005-0882.json index d0846e11156..fd1bd773a49 100644 --- a/2005/0xxx/CVE-2005-0882.json +++ b/2005/0xxx/CVE-2005-0882.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://birdblog.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://birdblog.sourceforge.net/ChangeLog" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/birdblog/birdblog/admin/admincore.php?r1=1.4&r2=1.5", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/birdblog/birdblog/admin/admincore.php?r1=1.4&r2=1.5" - }, - { - "name" : "12880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12880" - }, - { - "name" : "1013548", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013548" - }, - { - "name" : "14676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14676" - }, - { - "name" : "birdblog-admincore-sql-injection(19799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://birdblog.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://birdblog.sourceforge.net/ChangeLog" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/birdblog/birdblog/admin/admincore.php?r1=1.4&r2=1.5", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/birdblog/birdblog/admin/admincore.php?r1=1.4&r2=1.5" + }, + { + "name": "birdblog-admincore-sql-injection(19799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19799" + }, + { + "name": "12880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12880" + }, + { + "name": "1013548", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013548" + }, + { + "name": "14676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14676" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1772.json b/2005/1xxx/CVE-2005-1772.json index 8ca872cd84a..353011a2bad 100644 --- a/2005/1xxx/CVE-2005-1772.json +++ b/2005/1xxx/CVE-2005-1772.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a long client cd-key hash value, a different vulnerability than CVE-2005-1556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050526 Buffer-overflow and crash in Terminator 3: War of the Machines 1.16", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111713248227479&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/t3wmbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/t3wmbof-adv.txt" - }, - { - "name" : "15520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a long client cd-key hash value, a different vulnerability than CVE-2005-1556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050526 Buffer-overflow and crash in Terminator 3: War of the Machines 1.16", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111713248227479&w=2" + }, + { + "name": "15520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15520" + }, + { + "name": "http://aluigi.altervista.org/adv/t3wmbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/t3wmbof-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1889.json b/2005/1xxx/CVE-2005-1889.json index 54efd29f0b5..c424d0a7af4 100644 --- a/2005/1xxx/CVE-2005-1889.json +++ b/2005/1xxx/CVE-2005-1889.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "101690", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1" - }, - { - "name" : "ADV-2005-0695", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101690", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1" + }, + { + "name": "ADV-2005-0695", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0695" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4304.json b/2005/4xxx/CVE-2005-4304.json index 8ce15e7499a..88597ef9c4c 100644 --- a/2005/4xxx/CVE-2005-4304.json +++ b/2005/4xxx/CVE-2005-4304.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html" - }, - { - "name" : "15908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15908" - }, - { - "name" : "21798", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21798" - }, - { - "name" : "18043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15908" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html" + }, + { + "name": "18043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18043" + }, + { + "name": "21798", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21798" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4489.json b/2005/4xxx/CVE-2005-4489.json index 0c3eb4b7e61..5ccab28f194 100644 --- a/2005/4xxx/CVE-2005-4489.json +++ b/2005/4xxx/CVE-2005-4489.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/scoop-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/scoop-xss-vuln.html" - }, - { - "name" : "16014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16014" - }, - { - "name" : "ADV-2005-3041", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3041" - }, - { - "name" : "21944", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21944" - }, - { - "name" : "21945", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21945" - }, - { - "name" : "18182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21945", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21945" + }, + { + "name": "16014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16014" + }, + { + "name": "21944", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21944" + }, + { + "name": "ADV-2005-3041", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3041" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/scoop-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/scoop-xss-vuln.html" + }, + { + "name": "18182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18182" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0026.json b/2009/0xxx/CVE-2009-0026.json index 604ada00d70..07dbd707537 100644 --- a/2009/0xxx/CVE-2009-0026.json +++ b/2009/0xxx/CVE-2009-0026.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090120 [ANNOUNCE] Apache Jackrabbit 1.5.2 released", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500196/100/0/threaded" - }, - { - "name" : "https://issues.apache.org/jira/browse/JCR-1925", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/JCR-1925" - }, - { - "name" : "http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt" - }, - { - "name" : "33360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33360" - }, - { - "name" : "ADV-2009-0177", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0177" - }, - { - "name" : "33576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33576" - }, - { - "name" : "4942", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4942" - }, - { - "name" : "jackrabbit-search-swr-xss(48110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4942", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4942" + }, + { + "name": "20090120 [ANNOUNCE] Apache Jackrabbit 1.5.2 released", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500196/100/0/threaded" + }, + { + "name": "http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt" + }, + { + "name": "jackrabbit-search-swr-xss(48110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48110" + }, + { + "name": "33576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33576" + }, + { + "name": "https://issues.apache.org/jira/browse/JCR-1925", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/JCR-1925" + }, + { + "name": "ADV-2009-0177", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0177" + }, + { + "name": "33360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33360" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0277.json b/2009/0xxx/CVE-2009-0277.json index bcb1de70f5c..3b9dafc5e8e 100644 --- a/2009/0xxx/CVE-2009-0277.json +++ b/2009/0xxx/CVE-2009-0277.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "250066", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250066-1" - }, - { - "name" : "33398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33398" - }, - { - "name" : "ADV-2009-0209", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0209" - }, - { - "name" : "solaris-ultrasparct2-dos(48164)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0209", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0209" + }, + { + "name": "33398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33398" + }, + { + "name": "solaris-ultrasparct2-dos(48164)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48164" + }, + { + "name": "250066", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250066-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0279.json b/2009/0xxx/CVE-2009-0279.json index b55ed736c3c..07fd0bd7380 100644 --- a/2009/0xxx/CVE-2009-0279.json +++ b/2009/0xxx/CVE-2009-0279.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7851", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7851" - }, - { - "name" : "33404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33404" - }, - { - "name" : "pardalcms-comentar-sql-injection(48175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7851", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7851" + }, + { + "name": "33404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33404" + }, + { + "name": "pardalcms-comentar-sql-injection(48175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48175" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0485.json b/2009/0xxx/CVE-2009-0485.json index 8bac0c80588..1f92176f33e 100644 --- a/2009/0xxx/CVE-2009-0485.json +++ b/2009/0xxx/CVE-2009-0485.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/2.22.6/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/2.22.6/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=466692", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=466692" - }, - { - "name" : "FEDORA-2009-2417", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html" - }, - { - "name" : "FEDORA-2009-2418", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html" - }, - { - "name" : "33580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33580" - }, - { - "name" : "34361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-2418", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html" + }, + { + "name": "FEDORA-2009-2417", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=466692", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=466692" + }, + { + "name": "34361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34361" + }, + { + "name": "http://www.bugzilla.org/security/2.22.6/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/2.22.6/" + }, + { + "name": "33580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33580" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1373.json b/2009/1xxx/CVE-2009-1373.json index febbe39b2fb..4a21c5a518a 100644 --- a/2009/1xxx/CVE-2009-1373.json +++ b/2009/1xxx/CVE-2009-1373.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pidgin.im/news/security/?id=29", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=29" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500488", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500488" - }, - { - "name" : "DSA-1805", - "refsource" : "DEBIAN", - "url" : "http://debian.org/security/2009/dsa-1805" - }, - { - "name" : "FEDORA-2009-5552", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" - }, - { - "name" : "FEDORA-2009-5583", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" - }, - { - "name" : "FEDORA-2009-5597", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" - }, - { - "name" : "GLSA-200905-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" - }, - { - "name" : "MDVSA-2009:140", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" - }, - { - "name" : "MDVSA-2009:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" - }, - { - "name" : "RHSA-2009:1059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1059.html" - }, - { - "name" : "RHSA-2009:1060", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1060.html" - }, - { - "name" : "USN-781-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-781-1" - }, - { - "name" : "USN-781-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-781-2" - }, - { - "name" : "35067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35067" - }, - { - "name" : "oval:org.mitre.oval:def:9005", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005" - }, - { - "name" : "oval:org.mitre.oval:def:17722", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722" - }, - { - "name" : "35194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35194" - }, - { - "name" : "35202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35202" - }, - { - "name" : "35188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35188" - }, - { - "name" : "35215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35215" - }, - { - "name" : "35294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35294" - }, - { - "name" : "35329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35329" - }, - { - "name" : "35330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35330" - }, - { - "name" : "ADV-2009-1396", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1396" - }, - { - "name" : "pidgin-xmppsocks5-bo(50682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-5597", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html" + }, + { + "name": "RHSA-2009:1060", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html" + }, + { + "name": "USN-781-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-781-2" + }, + { + "name": "RHSA-2009:1059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1059.html" + }, + { + "name": "GLSA-200905-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml" + }, + { + "name": "oval:org.mitre.oval:def:9005", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005" + }, + { + "name": "35067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35067" + }, + { + "name": "FEDORA-2009-5583", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html" + }, + { + "name": "35329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35329" + }, + { + "name": "USN-781-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-781-1" + }, + { + "name": "oval:org.mitre.oval:def:17722", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722" + }, + { + "name": "DSA-1805", + "refsource": "DEBIAN", + "url": "http://debian.org/security/2009/dsa-1805" + }, + { + "name": "MDVSA-2009:140", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140" + }, + { + "name": "35294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35294" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500488", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488" + }, + { + "name": "35188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35188" + }, + { + "name": "pidgin-xmppsocks5-bo(50682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50682" + }, + { + "name": "35194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35194" + }, + { + "name": "FEDORA-2009-5552", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html" + }, + { + "name": "35202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35202" + }, + { + "name": "http://www.pidgin.im/news/security/?id=29", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=29" + }, + { + "name": "35215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35215" + }, + { + "name": "ADV-2009-1396", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1396" + }, + { + "name": "35330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35330" + }, + { + "name": "MDVSA-2009:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1705.json b/2009/1xxx/CVE-2009-1705.json index daaf4e2938c..7ea75aaf0ad 100644 --- a/2009/1xxx/CVE-2009-1705.json +++ b/2009/1xxx/CVE-2009-1705.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT3613", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3613" - }, - { - "name" : "APPLE-SA-2009-06-08-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" - }, - { - "name" : "35260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35260" - }, - { - "name" : "35308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35308" - }, - { - "name" : "54974", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54974" - }, - { - "name" : "35379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35379" - }, - { - "name" : "ADV-2009-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35308" + }, + { + "name": "APPLE-SA-2009-06-08-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" + }, + { + "name": "35260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35260" + }, + { + "name": "ADV-2009-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1522" + }, + { + "name": "35379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35379" + }, + { + "name": "54974", + "refsource": "OSVDB", + "url": "http://osvdb.org/54974" + }, + { + "name": "http://support.apple.com/kb/HT3613", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3613" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4067.json b/2009/4xxx/CVE-2009-4067.json index f630d4327b8..02022c062db 100644 --- a/2009/4xxx/CVE-2009-4067.json +++ b/2009/4xxx/CVE-2009-4067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4166.json b/2009/4xxx/CVE-2009-4166.json index 5eaeb960e00..978f1f1af42 100644 --- a/2009/4xxx/CVE-2009-4166.json +++ b/2009/4xxx/CVE-2009-4166.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/mchtrips/2.0.1/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4651.json b/2009/4xxx/CVE-2009-4651.json index bb8bdf2a323..48010bb787d 100644 --- a/2009/4xxx/CVE-2009-4651.json +++ b/2009/4xxx/CVE-2009-4651.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html" - }, - { - "name" : "38204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38204" + }, + { + "name": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html", + "refsource": "MISC", + "url": "http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5075.json b/2009/5xxx/CVE-2009-5075.json index 12012f614fd..c5f54967e1e 100644 --- a/2009/5xxx/CVE-2009-5075.json +++ b/2009/5xxx/CVE-2009-5075.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.monkeysaudio.com/versionhistory.html", - "refsource" : "CONFIRM", - "url" : "http://www.monkeysaudio.com/versionhistory.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.monkeysaudio.com/versionhistory.html", + "refsource": "CONFIRM", + "url": "http://www.monkeysaudio.com/versionhistory.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2085.json b/2012/2xxx/CVE-2012-2085.json index f3141aee33f..ea672b0e5ec 100644 --- a/2012/2xxx/CVE-2012-2085.json +++ b/2012/2xxx/CVE-2012-2085.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/08/1" - }, - { - "name" : "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/08/2" - }, - { - "name" : "https://trac.gajim.org/changeset/bc296e96ac10", - "refsource" : "CONFIRM", - "url" : "https://trac.gajim.org/changeset/bc296e96ac10" - }, - { - "name" : "https://trac.gajim.org/ticket/7031", - "refsource" : "CONFIRM", - "url" : "https://trac.gajim.org/ticket/7031" - }, - { - "name" : "GLSA-201208-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201208-04.xml" - }, - { - "name" : "52943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52943" - }, - { - "name" : "48708", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48708" - }, - { - "name" : "48794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48794" + }, + { + "name": "48708", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48708" + }, + { + "name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" + }, + { + "name": "GLSA-201208-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" + }, + { + "name": "https://trac.gajim.org/ticket/7031", + "refsource": "CONFIRM", + "url": "https://trac.gajim.org/ticket/7031" + }, + { + "name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" + }, + { + "name": "https://trac.gajim.org/changeset/bc296e96ac10", + "refsource": "CONFIRM", + "url": "https://trac.gajim.org/changeset/bc296e96ac10" + }, + { + "name": "52943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52943" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2180.json b/2012/2xxx/CVE-2012-2180.json index 09852eecc19..ff6710da0a7 100644 --- a/2012/2xxx/CVE-2012-2180.json +++ b/2012/2xxx/CVE-2012-2180.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21597090", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21597090" - }, - { - "name" : "IC82234", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC82234" - }, - { - "name" : "IC82367", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC82367" - }, - { - "name" : "53873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53873" - }, - { - "name" : "db2-drdaconnection-dos(75418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "db2-drdaconnection-dos(75418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75418" + }, + { + "name": "IC82234", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82234" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21597090", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21597090" + }, + { + "name": "53873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53873" + }, + { + "name": "IC82367", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC82367" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2593.json b/2012/2xxx/CVE-2012-2593.json index 2ea0e476964..824602ecc47 100644 --- a/2012/2xxx/CVE-2012-2593.json +++ b/2012/2xxx/CVE-2012-2593.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2593", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2593", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2627.json b/2012/2xxx/CVE-2012-2627.json index 82feebd57e5..d7e3a5f04c1 100644 --- a/2012/2xxx/CVE-2012-2627.json +++ b/2012/2xxx/CVE-2012-2627.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\\Scrutinizer\\snmp\\mibs\\ via a multipart/form-data POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html", - "refsource" : "MISC", - "url" : "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html" - }, - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\\Scrutinizer\\snmp\\mibs\\ via a multipart/form-data POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt" + }, + { + "name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html", + "refsource": "MISC", + "url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3127.json b/2012/3xxx/CVE-2012-3127.json index 056d32072d6..4e85f791ac6 100644 --- a/2012/3xxx/CVE-2012-3127.json +++ b/2012/3xxx/CVE-2012-3127.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54510" - }, - { - "name" : "83937", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83937" - }, - { - "name" : "1027274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027274" - }, - { - "name" : "solaris-sctp7p-dos(77044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-sctp7p-dos(77044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77044" + }, + { + "name": "54510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54510" + }, + { + "name": "1027274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027274" + }, + { + "name": "83937", + "refsource": "OSVDB", + "url": "http://osvdb.org/83937" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3385.json b/2012/3xxx/CVE-2012-3385.json index 655573dfac0..44f162f5a7a 100644 --- a/2012/3xxx/CVE-2012-3385.json +++ b/2012/3xxx/CVE-2012-3385.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120702 CVE #'s for WordPress 3.4.1 release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/02/1" - }, - { - "name" : "[oss-security] 20120707 Re: CVE #'s for WordPress 3.4.1 release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/08/1" - }, - { - "name" : "http://codex.wordpress.org/Version_3.4.1", - "refsource" : "CONFIRM", - "url" : "http://codex.wordpress.org/Version_3.4.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120707 Re: CVE #'s for WordPress 3.4.1 release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/08/1" + }, + { + "name": "http://codex.wordpress.org/Version_3.4.1", + "refsource": "CONFIRM", + "url": "http://codex.wordpress.org/Version_3.4.1" + }, + { + "name": "[oss-security] 20120702 CVE #'s for WordPress 3.4.1 release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/02/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6351.json b/2012/6xxx/CVE-2012-6351.json index 072127e26cb..74d4fce7012 100644 --- a/2012/6xxx/CVE-2012-6351.json +++ b/2012/6xxx/CVE-2012-6351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6635.json b/2012/6xxx/CVE-2012-6635.json index 19ec5b18c14..9da7b1658c7 100644 --- a/2012/6xxx/CVE-2012-6635.json +++ b/2012/6xxx/CVE-2012-6635.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codex.wordpress.org/Version_3.3.3", - "refsource" : "CONFIRM", - "url" : "http://codex.wordpress.org/Version_3.3.3" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/21086", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/21086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://core.trac.wordpress.org/changeset/21086", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/21086" + }, + { + "name": "http://codex.wordpress.org/Version_3.3.3", + "refsource": "CONFIRM", + "url": "http://codex.wordpress.org/Version_3.3.3" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5210.json b/2015/5xxx/CVE-2015-5210.json index 22267bfc16c..d05ba7d6ba5 100644 --- a/2015/5xxx/CVE-2015-5210.json +++ b/2015/5xxx/CVE-2015-5210.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151013 [CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/10/13/4" - }, - { - "name" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities" + }, + { + "name": "[oss-security] 20151013 [CVE-2015-5210] Unvalidated Redirects and Forwards using targetURI parameter can enable phishing exploits", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/10/13/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5448.json b/2015/5xxx/CVE-2015-5448.json index 4dcba4bc371..da04358c4af 100644 --- a/2015/5xxx/CVE-2015-5448.json +++ b/2015/5xxx/CVE-2015-5448.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863562", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863562" - }, - { - "name" : "77303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77303" - }, - { - "name" : "1033957", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77303" + }, + { + "name": "1033957", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033957" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863562", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863562" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5615.json b/2015/5xxx/CVE-2015-5615.json index f9db0b1c025..114a1e41560 100644 --- a/2015/5xxx/CVE-2015-5615.json +++ b/2015/5xxx/CVE-2015-5615.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5615", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5615", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2309.json b/2017/2xxx/CVE-2017-2309.json index f9897c3d17f..1c30afabfa0 100644 --- a/2017/2xxx/CVE-2017-2309.json +++ b/2017/2xxx/CVE-2017-2309.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos Space", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to 16.1R1" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leak vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos Space", + "version": { + "version_data": [ + { + "version_value": "versions prior to 16.1R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10770", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10770" - }, - { - "name" : "98750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98750" + }, + { + "name": "https://kb.juniper.net/JSA10770", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10770" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2315.json b/2017/2xxx/CVE-2017-2315.json index 0da592f1a08..4b645472c86 100644 --- a/2017/2xxx/CVE-2017-2315.json +++ b/2017/2xxx/CVE-2017-2315.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS on EX series Ethernet Switches with IPv6 enabled", - "version" : { - "version_data" : [ - { - "version_value" : "12.3 prior to 12.3R12-S4, 12.3R13" - }, - { - "version_value" : "13.3 prior to 13.3R10" - }, - { - "version_value" : "14.1 prior to 14.1R8-S3, 14.1R9" - }, - { - "version_value" : "14.1X53 prior ro 14.1X53-D12, 14.1X53-D40" - }, - { - "version_value" : " 14.1X55 prior to 14.1X55-D35" - }, - { - "version_value" : "14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8" - }, - { - "version_value" : "15.1 prior to 15.1R5" - }, - { - "version_value" : "16.1 before 16.1R3" - }, - { - "version_value" : "16.2 before 16.2R1-S3, 16.2R2" - }, - { - "version_value" : "17.1R1 and all subsequent releases have a resolution for this vulnerability" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service vulnerability due to memory leak" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS on EX series Ethernet Switches with IPv6 enabled", + "version": { + "version_data": [ + { + "version_value": "12.3 prior to 12.3R12-S4, 12.3R13" + }, + { + "version_value": "13.3 prior to 13.3R10" + }, + { + "version_value": "14.1 prior to 14.1R8-S3, 14.1R9" + }, + { + "version_value": "14.1X53 prior ro 14.1X53-D12, 14.1X53-D40" + }, + { + "version_value": " 14.1X55 prior to 14.1X55-D35" + }, + { + "version_value": "14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8" + }, + { + "version_value": "15.1 prior to 15.1R5" + }, + { + "version_value": "16.1 before 16.1R3" + }, + { + "version_value": "16.2 before 16.2R1-S3, 16.2R2" + }, + { + "version_value": "17.1R1 and all subsequent releases have a resolution for this vulnerability" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10781", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10781" - }, - { - "name" : "97615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97615" - }, - { - "name" : "1038253", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 prior to 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior ro 14.1X53-D12, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1R5; 16.1 before 16.1R3; 16.2 before 16.2R1-S3, 16.2R2. 17.1R1 and all subsequent releases have a resolution for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service vulnerability due to memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038253", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038253" + }, + { + "name": "97615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97615" + }, + { + "name": "https://kb.juniper.net/JSA10781", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10781" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11392.json b/2018/11xxx/CVE-2018-11392.json index 355bb71a722..0c256caa3b8 100644 --- a/2018/11xxx/CVE-2018-11392.json +++ b/2018/11xxx/CVE-2018-11392.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt \"PHP Login & User Management\" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180523 PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/542038/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/147878/PHP-Login-And-User-Management-4.1.0-Shell-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147878/PHP-Login-And-User-Management-4.1.0-Shell-Upload.html" - }, - { - "name" : "https://doddsecurity.com/94/remote-code-execution-in-the-avatars/", - "refsource" : "MISC", - "url" : "https://doddsecurity.com/94/remote-code-execution-in-the-avatars/" - }, - { - "name" : "https://codecanyon.net/item/php-login-user-management/49008", - "refsource" : "CONFIRM", - "url" : "https://codecanyon.net/item/php-login-user-management/49008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt \"PHP Login & User Management\" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://doddsecurity.com/94/remote-code-execution-in-the-avatars/", + "refsource": "MISC", + "url": "https://doddsecurity.com/94/remote-code-execution-in-the-avatars/" + }, + { + "name": "http://packetstormsecurity.com/files/147878/PHP-Login-And-User-Management-4.1.0-Shell-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147878/PHP-Login-And-User-Management-4.1.0-Shell-Upload.html" + }, + { + "name": "https://codecanyon.net/item/php-login-user-management/49008", + "refsource": "CONFIRM", + "url": "https://codecanyon.net/item/php-login-user-management/49008" + }, + { + "name": "20180523 PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/542038/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14433.json b/2018/14xxx/CVE-2018-14433.json index 362a3ef823e..76d07f4f24a 100644 --- a/2018/14xxx/CVE-2018-14433.json +++ b/2018/14xxx/CVE-2018-14433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14463.json b/2018/14xxx/CVE-2018-14463.json index 06c416dd651..02d1d8e3906 100644 --- a/2018/14xxx/CVE-2018-14463.json +++ b/2018/14xxx/CVE-2018-14463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15093.json b/2018/15xxx/CVE-2018-15093.json index d9b32d8194b..bd4778cb7b0 100644 --- a/2018/15xxx/CVE-2018-15093.json +++ b/2018/15xxx/CVE-2018-15093.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15093", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15093", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15571.json b/2018/15xxx/CVE-2018-15571.json index 7064f983c1a..19856d9812e 100644 --- a/2018/15xxx/CVE-2018-15571.json +++ b/2018/15xxx/CVE-2018-15571.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45206", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45206/" - }, - { - "name" : "https://hackpuntes.com/cve-2018-15571-wordpress-plugin-export-users-to-csv-1-1-1-csv-injection/", - "refsource" : "MISC", - "url" : "https://hackpuntes.com/cve-2018-15571-wordpress-plugin-export-users-to-csv-1-1-1-csv-injection/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackpuntes.com/cve-2018-15571-wordpress-plugin-export-users-to-csv-1-1-1-csv-injection/", + "refsource": "MISC", + "url": "https://hackpuntes.com/cve-2018-15571-wordpress-plugin-export-users-to-csv-1-1-1-csv-injection/" + }, + { + "name": "45206", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45206/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15714.json b/2018/15xxx/CVE-2018-15714.json index 8fd3df8f742..48aecb47c60 100644 --- a/2018/15xxx/CVE-2018-15714.json +++ b/2018/15xxx/CVE-2018-15714.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-11-13T00:00:00", - "ID" : "CVE-2018-15714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nagios XI", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.6" - } - ] - } - } - ] - }, - "vendor_name" : "Nagios" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-11-13T00:00:00", + "ID": "CVE-2018-15714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nagios XI", + "version": { + "version_data": [ + { + "version_value": "5.5.6" + } + ] + } + } + ] + }, + "vendor_name": "Nagios" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-37", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-37" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-37", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-37" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15797.json b/2018/15xxx/CVE-2018-15797.json index 72c692dbf6c..5d6a020a1bd 100644 --- a/2018/15xxx/CVE-2018-15797.json +++ b/2018/15xxx/CVE-2018-15797.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-12-03T00:00:00.000Z", - "ID" : "CVE-2018-15797", - "STATE" : "PUBLIC", - "TITLE" : "NFS Volume release errand leaks cf admin credentials in logs" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NFS Volume Release", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "1.2", - "version_value" : "1.2.5" - }, - { - "affected" : "<", - "version_name" : "1.5", - "version_value" : "1.5.4" - }, - { - "affected" : "<", - "version_name" : "1.7", - "version_value" : "1.7.3" - } - ] - } - } - ] - }, - "vendor_name" : "Cloud Foundry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "ADJACENT_NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.4, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through Debug Information" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-12-03T00:00:00.000Z", + "ID": "CVE-2018-15797", + "STATE": "PUBLIC", + "TITLE": "NFS Volume release errand leaks cf admin credentials in logs" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NFS Volume Release", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "1.2", + "version_value": "1.2.5" + }, + { + "affected": "<", + "version_name": "1.5", + "version_value": "1.5.4" + }, + { + "affected": "<", + "version_name": "1.7", + "version_value": "1.7.3" + } + ] + } + } + ] + }, + "vendor_name": "Cloud Foundry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-15797", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-15797" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Through Debug Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-15797", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-15797" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15920.json b/2018/15xxx/CVE-2018-15920.json index 94f7630c5c7..04896c46aaf 100644 --- a/2018/15xxx/CVE-2018-15920.json +++ b/2018/15xxx/CVE-2018-15920.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105441" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105441" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3133.json b/2018/3xxx/CVE-2018-3133.json index c1e7ae191cc..90493653821 100644 --- a/2018/3xxx/CVE-2018-3133.json +++ b/2018/3xxx/CVE-2018-3133.json @@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.61 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.6.41 and prior" - }, - { - "version_affected" : "=", - "version_value" : "5.7.23 and prior" - }, - { - "version_affected" : "=", - "version_value" : "8.0.12 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.61 and prior" + }, + { + "version_affected": "=", + "version_value": "5.6.41 and prior" + }, + { + "version_affected": "=", + "version_value": "5.7.23 and prior" + }, + { + "version_affected": "=", + "version_value": "8.0.12 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" - }, - { - "name" : "RHSA-2018:3655", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3655" - }, - { - "name" : "USN-3799-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3799-1/" - }, - { - "name" : "USN-3799-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3799-2/" - }, - { - "name" : "105610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105610" - }, - { - "name" : "1041888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3799-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3799-2/" + }, + { + "name": "1041888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041888" + }, + { + "name": "RHSA-2018:3655", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3655" + }, + { + "name": "USN-3799-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3799-1/" + }, + { + "name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + }, + { + "name": "105610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105610" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3780.json b/2018/3xxx/CVE-2018-3780.json index e8d81ca33fc..fe853f2f5b2 100644 --- a/2018/3xxx/CVE-2018-3780.json +++ b/2018/3xxx/CVE-2018-3780.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-3780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nextcloud/server", - "version" : { - "version_data" : [ - { - "version_value" : ">13.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "NextCloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-3780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nextcloud/server", + "version": { + "version_data": [ + { + "version_value": ">13.0.5" + } + ] + } + } + ] + }, + "vendor_name": "NextCloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/383117", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/383117" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=NC-SA-2018-008", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=NC-SA-2018-008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-008", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-008" + }, + { + "name": "https://hackerone.com/reports/383117", + "refsource": "MISC", + "url": "https://hackerone.com/reports/383117" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8196.json b/2018/8xxx/CVE-2018-8196.json index e0af61cd153..6a43291fa9a 100644 --- a/2018/8xxx/CVE-2018-8196.json +++ b/2018/8xxx/CVE-2018-8196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8196", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8511.json b/2018/8xxx/CVE-2018-8511.json index b762809d37f..31df9f7c101 100644 --- a/2018/8xxx/CVE-2018-8511.json +++ b/2018/8xxx/CVE-2018-8511.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8511", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8511" - }, - { - "name" : "105471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105471" - }, - { - "name" : "1041825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105471" + }, + { + "name": "1041825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041825" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8511", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8511" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8596.json b/2018/8xxx/CVE-2018-8596.json index a0fa4577c91..a0ea2919f11 100644 --- a/2018/8xxx/CVE-2018-8596.json +++ b/2018/8xxx/CVE-2018-8596.json @@ -1,236 +1,236 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8596", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8596" - }, - { - "name" : "106086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106086" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8596", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8596" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8690.json b/2018/8xxx/CVE-2018-8690.json index 4f82c3e8194..45fd60f3c2d 100644 --- a/2018/8xxx/CVE-2018-8690.json +++ b/2018/8xxx/CVE-2018-8690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8894.json b/2018/8xxx/CVE-2018-8894.json index 9ab940eb7fa..86d0fac34ca 100644 --- a/2018/8xxx/CVE-2018-8894.json +++ b/2018/8xxx/CVE-2018-8894.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222108", - "refsource" : "MISC", - "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222108", + "refsource": "MISC", + "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222108" + } + ] + } +} \ No newline at end of file