From c210f6a33c6b87a82e7344104da264e952598916 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 06:56:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0532.json | 150 ++++++------- 2002/2xxx/CVE-2002-2142.json | 140 ++++++------ 2005/0xxx/CVE-2005-0157.json | 120 +++++----- 2005/0xxx/CVE-2005-0409.json | 130 +++++------ 2005/0xxx/CVE-2005-0422.json | 130 +++++------ 2005/0xxx/CVE-2005-0630.json | 150 ++++++------- 2005/0xxx/CVE-2005-0892.json | 130 +++++------ 2005/0xxx/CVE-2005-0949.json | 170 +++++++------- 2005/1xxx/CVE-2005-1216.json | 170 +++++++------- 2005/1xxx/CVE-2005-1372.json | 170 +++++++------- 2005/1xxx/CVE-2005-1552.json | 170 +++++++------- 2005/1xxx/CVE-2005-1877.json | 140 ++++++------ 2005/4xxx/CVE-2005-4090.json | 180 +++++++-------- 2005/4xxx/CVE-2005-4283.json | 160 ++++++------- 2005/4xxx/CVE-2005-4416.json | 150 ++++++------- 2009/0xxx/CVE-2009-0181.json | 140 ++++++------ 2009/0xxx/CVE-2009-0591.json | 400 ++++++++++++++++----------------- 2009/0xxx/CVE-2009-0603.json | 160 ++++++------- 2009/0xxx/CVE-2009-0811.json | 150 ++++++------- 2009/0xxx/CVE-2009-0871.json | 200 ++++++++--------- 2009/0xxx/CVE-2009-0998.json | 160 ++++++------- 2009/1xxx/CVE-2009-1334.json | 180 +++++++-------- 2009/1xxx/CVE-2009-1531.json | 200 ++++++++--------- 2009/1xxx/CVE-2009-1942.json | 170 +++++++------- 2009/4xxx/CVE-2009-4006.json | 210 ++++++++--------- 2009/4xxx/CVE-2009-4050.json | 130 +++++------ 2009/4xxx/CVE-2009-4083.json | 150 ++++++------- 2009/4xxx/CVE-2009-4199.json | 130 +++++------ 2009/4xxx/CVE-2009-4630.json | 130 +++++------ 2009/4xxx/CVE-2009-4804.json | 150 ++++++------- 2012/2xxx/CVE-2012-2395.json | 200 ++++++++--------- 2012/2xxx/CVE-2012-2396.json | 140 ++++++------ 2012/2xxx/CVE-2012-2608.json | 34 +-- 2012/2xxx/CVE-2012-2703.json | 160 ++++++------- 2012/3xxx/CVE-2012-3004.json | 120 +++++----- 2012/3xxx/CVE-2012-3539.json | 34 +-- 2012/3xxx/CVE-2012-3864.json | 200 ++++++++--------- 2012/3xxx/CVE-2012-3988.json | 270 +++++++++++----------- 
2012/6xxx/CVE-2012-6402.json | 34 +-- 2012/6xxx/CVE-2012-6536.json | 150 ++++++------- 2012/6xxx/CVE-2012-6559.json | 150 ++++++------- 2015/1xxx/CVE-2015-1676.json | 140 ++++++------ 2015/5xxx/CVE-2015-5434.json | 130 +++++------ 2015/5xxx/CVE-2015-5504.json | 150 ++++++------- 2015/5xxx/CVE-2015-5758.json | 170 +++++++------- 2017/2xxx/CVE-2017-2302.json | 206 ++++++++--------- 2017/2xxx/CVE-2017-2421.json | 140 ++++++------ 2018/11xxx/CVE-2018-11407.json | 120 +++++----- 2018/11xxx/CVE-2018-11410.json | 150 ++++++------- 2018/11xxx/CVE-2018-11801.json | 34 +-- 2018/11xxx/CVE-2018-11879.json | 120 +++++----- 2018/14xxx/CVE-2018-14058.json | 150 ++++++------- 2018/15xxx/CVE-2018-15220.json | 34 +-- 2018/15xxx/CVE-2018-15253.json | 34 +-- 2018/15xxx/CVE-2018-15354.json | 120 +++++----- 2018/15xxx/CVE-2018-15370.json | 164 +++++++------- 2018/3xxx/CVE-2018-3505.json | 34 +-- 2018/3xxx/CVE-2018-3553.json | 34 +-- 2018/3xxx/CVE-2018-3810.json | 150 ++++++------- 2018/8xxx/CVE-2018-8367.json | 220 +++++++++--------- 2018/8xxx/CVE-2018-8573.json | 240 ++++++++++---------- 2018/8xxx/CVE-2018-8863.json | 34 +-- 2018/8xxx/CVE-2018-8878.json | 34 +-- 2018/8xxx/CVE-2018-8939.json | 120 +++++----- 64 files changed, 4570 insertions(+), 4570 deletions(-) diff --git a/2002/0xxx/CVE-2002-0532.json b/2002/0xxx/CVE-2002-0532.json index 2a1879e85a1..1f387ebfb4c 100644 --- a/2002/0xxx/CVE-2002-0532.json +++ b/2002/0xxx/CVE-2002-0532.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020410 Re: emumail.cgi, one more local vulnerability (not verified)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/266930" - }, - { - "name" : "emumail-http-host-execute(8836)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8836.php" - }, - { - "name" : "4488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4488" - }, - { - "name" : "5270", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMU Webmail allows local users to 
execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5270", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5270" + }, + { + "name": "emumail-http-host-execute(8836)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8836.php" + }, + { + "name": "20020410 Re: emumail.cgi, one more local vulnerability (not verified)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/266930" + }, + { + "name": "4488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4488" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2142.json b/2002/2xxx/CVE-2002-2142.json index d9052c48273..35f8b2448b0 100644 --- a/2002/2xxx/CVE-2002-2142.json +++ b/2002/2xxx/CVE-2002-2142.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a \"/\" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA02-22.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/3" - }, - { - "name" : "5971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5971" - }, - { - "name" : "weblogic-security-policy-ignored(10392)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10392.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An undocumented extension for the Servlet 
mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a \"/\" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weblogic-security-policy-ignored(10392)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10392.php" + }, + { + "name": "5971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5971" + }, + { + "name": "BEA02-22.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/3" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0157.json b/2005/0xxx/CVE-2005-0157.json index 88f05697783..3d157d85a7f 100644 --- a/2005/0xxx/CVE-2005-0157.json +++ b/2005/0xxx/CVE-2005-0157.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-720", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-720", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-720" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0409.json b/2005/0xxx/CVE-2005-0409.json index 9f400abbf1d..fcc6f08f15a 100644 --- a/2005/0xxx/CVE-2005-0409.json +++ b/2005/0xxx/CVE-2005-0409.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050214 Advisory: Upload Authorization bypass in CitrusDB", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CitrusDB 0.3.6 and earlier does not verify authorization for the (1) 
importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050214 Advisory: Upload Authorization bypass in CitrusDB", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0422.json b/2005/0xxx/CVE-2005-0422.json index a90f2367310..2fdcb460d83 100644 --- a/2005/0xxx/CVE-2005-0422.json +++ b/2005/0xxx/CVE-2005-0422.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1013139", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013139" - }, - { - "name" : "delphiturkcodebank-obtain-information(19248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013139", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013139" + }, + { + "name": "delphiturkcodebank-obtain-information(19248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19248" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0630.json b/2005/0xxx/CVE-2005-0630.json index c53118bd644..e72213dda16 100644 --- a/2005/0xxx/CVE-2005-0630.json +++ b/2005/0xxx/CVE-2005-0630.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050301 Software PBLang 4.63 sendpm.php reply file read vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110971002211589&w=2" - }, - { - "name" : "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1", - "refsource" : "CONFIRM", - "url" : "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1" - }, - { - "name" : "12690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12690" - }, - { - "name" : "pblang-sendpm-obtain-information(19544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sendpm.php in 
PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pblang-sendpm-obtain-information(19544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19544" + }, + { + "name": "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1", + "refsource": "CONFIRM", + "url": "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1" + }, + { + "name": "20050301 Software PBLang 4.63 sendpm.php reply file read vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110971002211589&w=2" + }, + { + "name": "12690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12690" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0892.json b/2005/0xxx/CVE-2005-0892.json index 024cd6c95be..dd40418fd58 100644 --- a/2005/0xxx/CVE-2005-0892.json +++ b/2005/0xxx/CVE-2005-0892.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050325 smail remote and local root holes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111177045217717&w=2" - }, - { - "name" : "DSA-722", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-722", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-722" + }, + { + "name": "20050325 smail remote and local root holes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111177045217717&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0949.json b/2005/0xxx/CVE-2005-0949.json index 24d789efee4..056b0e1a8ea 100644 --- a/2005/0xxx/CVE-2005-0949.json +++ b/2005/0xxx/CVE-2005-0949.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050329 Multiple sql injection, and xss vulnerabilities in PortalApp", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111213291118273&w=2" - }, - { - "name" : "http://icis.digitalparadox.org/~dcrab/portalapp.txt", - "refsource" : "MISC", - "url" : "http://icis.digitalparadox.org/~dcrab/portalapp.txt" - }, - { - "name" : "12936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12936" - }, - { - "name" : "1013591", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013591" - }, - { - "name" : "14749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14749" - }, - { - "name" : "portalapp-contentasp-xss(19891)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/19891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14749" + }, + { + "name": "20050329 Multiple sql injection, and xss vulnerabilities in PortalApp", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111213291118273&w=2" + }, + { + "name": "1013591", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013591" + }, + { + "name": "http://icis.digitalparadox.org/~dcrab/portalapp.txt", + "refsource": "MISC", + "url": "http://icis.digitalparadox.org/~dcrab/portalapp.txt" + }, + { + "name": "12936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12936" + }, + { + "name": "portalapp-contentasp-xss(19891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19891" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1216.json b/2005/1xxx/CVE-2005-1216.json index 3cb600ac2d1..b8d5dd3550d 100644 --- a/2005/1xxx/CVE-2005-1216.json +++ b/2005/1xxx/CVE-2005-1216.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-1216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-034" - }, - { - "name" : "VU#367077", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/367077" - }, - { - "name" : "13954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13954" - }, - { - "name" : "oval:org.mitre.oval:def:468", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A468" - }, - { - "name" : "1014193", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014193" - }, - { - "name" : "15693", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/15693/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#367077", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/367077" + }, + { + "name": "MS05-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-034" + }, + { + "name": "13954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13954" + }, + { + "name": "1014193", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014193" + }, + { + "name": "oval:org.mitre.oval:def:468", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A468" + }, + { + "name": "15693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15693/" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1372.json b/2005/1xxx/CVE-2005-1372.json index 8f8d6fc1cfd..3f19d342bb3 100644 --- a/2005/1xxx/CVE-2005-1372.json +++ b/2005/1xxx/CVE-2005-1372.json 
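Review bot: The `ASSIGNER` value under `CVE_data_meta` for CVE-2005-1216 changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and the commit record does not mention it; the subject is only "-Synchronized-Data.". Every other visible change in the hunk is key spacing, indentation and the order of the `reference_data` entries, so this one data change is easy to miss among nearly 170 rewritten lines. The field presumably identifies who assigned the record, so it is worth a line in the commit message, for example `CVE-2005-1216: ASSIGNER set to secure@microsoft.com`, or a separate commit from the formatting pass. Anyone auditing record provenance should compare parsed JSON across the two revisions rather than the text diff.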
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050427 Privilege escalation in BakBone NetVault 7.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111464410324243&w=2" - }, - { - "name" : "13408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13408" - }, - { - "name" : "ADV-2005-0420", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0420" - }, - { - "name" : "15900", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15900" - }, - { - "name" : "15158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15158/" - }, - { - "name" : "bakbone-netvault-gain-privileges(20302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20302" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bakbone-netvault-gain-privileges(20302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20302" + }, + { + "name": "20050427 Privilege escalation in BakBone NetVault 7.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111464410324243&w=2" + }, + { + "name": "15900", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15900" + }, + { + "name": "15158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15158/" + }, + { + "name": "ADV-2005-0420", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0420" + }, + { + "name": "13408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13408" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1552.json b/2005/1xxx/CVE-2005-1552.json index c3ff65e0545..05ed4f38018 100644 --- a/2005/1xxx/CVE-2005-1552.json +++ b/2005/1xxx/CVE-2005-1552.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111574131105737&w=2" - }, - { - "name" : "http://www.esqo.com/research/advisories/2005/100505-1.txt", - "refsource" : "MISC", - "url" : "http://www.esqo.com/research/advisories/2005/100505-1.txt" - }, - { - "name" : "13571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13571" - }, - { - "name" : "16340", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16340" - }, - { - "name" : "15330", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/15330" - }, - { - "name" : "geovision-authentication(20537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16340", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16340" + }, + { + "name": "15330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15330" + }, + { + "name": "13571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13571" + }, + { + "name": "http://www.esqo.com/research/advisories/2005/100505-1.txt", + "refsource": "MISC", + "url": "http://www.esqo.com/research/advisories/2005/100505-1.txt" + }, + { + "name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111574131105737&w=2" + }, + { + "name": "geovision-authentication(20537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20537" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1877.json b/2005/1xxx/CVE-2005-1877.json index 903aef5d42e..1507189300a 100644 --- a/2005/1xxx/CVE-2005-1877.json +++ b/2005/1xxx/CVE-2005-1877.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to plain-text session credential leakage via script injection.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034413.html" - }, - { - "name" : "13869", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13869" - }, - { - "name" : "15589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15589/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and 
earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13869" + }, + { + "name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to plain-text session credential leakage via script injection.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034413.html" + }, + { + "name": "15589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15589/" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4090.json b/2005/4xxx/CVE-2005-4090.json index 1dbab5d1ce4..1a6615110b9 100644 --- a/2005/4xxx/CVE-2005-4090.json +++ b/2005/4xxx/CVE-2005-4090.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02082", - "refsource" : "HP", - "url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000081817276" - }, - { - "name" : "SSRT051037", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/9812" - }, - { - "name" : "15759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15759" - }, - { - "name" : "oval:org.mitre.oval:def:5617", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5617" - }, - { - "name" : "ADV-2005-2801", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2801" - }, - { - "name" : "1015319", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015319" - }, - { - "name" : "17593", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15759" + }, + { + "name": "oval:org.mitre.oval:def:5617", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5617" + }, + { + "name": "HPSBUX02082", + "refsource": "HP", + "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000081817276" + }, + { + "name": "1015319", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015319" + }, + { + "name": "17593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17593" + }, + { + "name": "SSRT051037", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/9812" + }, + { + "name": "ADV-2005-2801", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2801" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4283.json b/2005/4xxx/CVE-2005-4283.json index 7cda46a8b42..4a03773c2f7 100644 --- a/2005/4xxx/CVE-2005-4283.json +++ b/2005/4xxx/CVE-2005-4283.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html" - }, - { - "name" : "15897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15897" - }, - { - "name" : "ADV-2005-2913", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2913" - }, - { - "name" : "21728", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21728" - }, - { - "name" : "18041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21728", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21728" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html" + }, + { + "name": "ADV-2005-2913", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2913" + }, + { + "name": "15897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15897" + }, + { + "name": "18041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18041" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4416.json b/2005/4xxx/CVE-2005-4416.json index 5aa6f6d0bfe..5ec27bc5caf 100644 --- a/2005/4xxx/CVE-2005-4416.json +++ b/2005/4xxx/CVE-2005-4416.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0512-exploits/ztml.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0512-exploits/ztml.txt" - }, - { - "name" : "15876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15876" - }, - { - "name" : "21802", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21802" - }, - { - "name" : "22075", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0512-exploits/ztml.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0512-exploits/ztml.txt" + }, + { + "name": "22075", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22075" + }, + { + "name": "21802", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21802" + }, + { + "name": "15876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15876" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0181.json b/2009/0xxx/CVE-2009-0181.json index 3268162f75e..4aae138bbc2 100644 --- a/2009/0xxx/CVE-2009-0181.json +++ b/2009/0xxx/CVE-2009-0181.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090106 VUPLAYER BufferOver flow POC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499810/100/0/threaded" - }, - { - "name" : "4921", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4921" - }, - { - "name" : "vuplayer-file-bo(48169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4921", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4921" + }, + { + "name": "20090106 VUPLAYER BufferOver flow POC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499810/100/0/threaded" + }, + { + "name": "vuplayer-file-bo(48169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48169" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0591.json b/2009/0xxx/CVE-2009-0591.json index 4968b49d70a..a4367f29e92 100644 --- a/2009/0xxx/CVE-2009-0591.json +++ b/2009/0xxx/CVE-2009-0591.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847" - }, - { - "name" : "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html", - "refsource" : "CONFIRM", - "url" : "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html" - }, - { - "name" : "http://www.openssl.org/news/secadv_20090325.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20090325.txt" - }, - { - "name" : "http://www.php.net/archive/2009.php#id2009-04-08-1", - "refsource" : "CONFIRM", - 
"url" : "http://www.php.net/archive/2009.php#id2009-04-08-1" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA50", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA50" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "HPSBUX02435", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124464882609472&w=2" - }, - { - "name" : "SSRT090059", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124464882609472&w=2" - }, - { - "name" : "HPSBOV02540", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127678688104458&w=2" - }, - { - "name" : "NetBSD-SA2009-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "34256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34256" - }, - { - "name" : "52865", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/52865" - }, - { - "name" : "1021907", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021907" - }, - { - "name" : "34411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34411" - }, - { - "name" : "34460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34460" - }, - { - "name" : "34666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34666" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "35380", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/35380" - }, - { - "name" : "35729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35729" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "42724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42724" - }, - { - "name" : "42733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42733" - }, - { - "name" : "ADV-2009-0850", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0850" - }, - { - "name" : "ADV-2009-1020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1020" - }, - { - "name" : "ADV-2009-1175", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1175" - }, - { - "name" : "ADV-2009-1548", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1548" - }, - { - "name" : "openssl-cmsverify-security-bypass(49432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090059", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124464882609472&w=2" + }, + { + "name": "ADV-2009-0850", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0850" + }, + { + "name": "ADV-2009-1175", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1175" + }, + { + "name": "42724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42724" + }, + { + "name": "openssl-cmsverify-security-bypass(49432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847" + }, + { + "name": "34666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34666" + }, + { + "name": "HPSBUX02435", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124464882609472&w=2" + }, + { + "name": "ADV-2009-1020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1020" + }, + { + "name": "35729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35729" + }, + { + "name": "35380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35380" + }, + { + "name": "HPSBOV02540", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127678688104458&w=2" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "http://www.php.net/archive/2009.php#id2009-04-08-1", + "refsource": 
"CONFIRM", + "url": "http://www.php.net/archive/2009.php#id2009-04-08-1" + }, + { + "name": "34411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34411" + }, + { + "name": "NetBSD-SA2009-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc" + }, + { + "name": "52865", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/52865" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html", + "refsource": "CONFIRM", + "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "http://www.openssl.org/news/secadv_20090325.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20090325.txt" + }, + { + "name": "ADV-2009-1548", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1548" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA50", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA50" + }, + { + "name": "34460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34460" + }, + { + "name": "34256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34256" + }, + { + "name": "1021907", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021907" + }, + { + "name": "42733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42733" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0603.json b/2009/0xxx/CVE-2009-0603.json index 4d867c3e3ba..c03bc484b68 100644 
--- a/2009/0xxx/CVE-2009-0603.json +++ b/2009/0xxx/CVE-2009-0603.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with \"administer content types\" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090205 Drupal Link Module XSS Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0036.html" - }, - { - "name" : "33642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33642" - }, - { - "name" : "51780", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51780" - }, - { - "name" : "33835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33835" - }, - { - "name" : "link-description-xss(48553)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/48553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with \"administer content types\" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51780", + "refsource": "OSVDB", + "url": "http://osvdb.org/51780" + }, + { + "name": "33835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33835" + }, + { + "name": "33642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33642" + }, + { + "name": "20090205 Drupal Link Module XSS Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0036.html" + }, + { + "name": "link-description-xss(48553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48553" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0811.json b/2009/0xxx/CVE-2009-0811.json index 35cf359cc06..50c9fff5b6b 100644 --- a/2009/0xxx/CVE-2009-0811.json +++ b/2009/0xxx/CVE-2009-0811.json 
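Review bot: The new side of this hunk ends with `\ No newline at end of file` after the closing `+}`, so the rewrite drops the trailing newline the old file had; the serializer should emit a final newline after `}`. The same marker closes the hunks for CVE-2009-0811, CVE-2009-0871, CVE-2009-0998, CVE-2009-1334, CVE-2009-1531, CVE-2009-1942, CVE-2009-4006 and CVE-2009-4050. Separately, the `reference_data` entries are reordered in the same change that normalises `"key" :` to `"key":`, which makes it hard to confirm by eye that no advisory URL was altered or dropped. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep future syncs reviewable.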
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090226 Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501252/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/9sg_sopcastia.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_sopcastia.html" - }, - { - "name" : "33920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33920" - }, - { - "name" : "sopcast-setexternalplayer-code-execution(48955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48955" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sopcast-setexternalplayer-code-execution(48955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48955" + }, + { + "name": "33920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33920" + }, + { + "name": "http://retrogod.altervista.org/9sg_sopcastia.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_sopcastia.html" + }, + { + "name": "20090226 Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501252/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0871.json b/2009/0xxx/CVE-2009-0871.json index ede5ad66a20..56cd2637ccb 100644 --- a/2009/0xxx/CVE-2009-0871.json +++ b/2009/0xxx/CVE-2009-0871.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501656/100/0/threaded" - }, - { - "name" : "http://bugs.digium.com/view.php?id=13547", - "refsource" : "CONFIRM", - "url" : "http://bugs.digium.com/view.php?id=13547" - }, - { - "name" : "http://bugs.digium.com/view.php?id=14417", - "refsource" : "CONFIRM", - "url" : "http://bugs.digium.com/view.php?id=14417" - }, - { - "name" : 
"http://downloads.digium.com/pub/security/AST-2009-002.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2009-002.html" - }, - { - "name" : "34070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34070" - }, - { - "name" : "52568", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52568" - }, - { - "name" : "1021834", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021834" - }, - { - "name" : "34229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34229" - }, - { - "name" : "ADV-2009-0667", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52568", + "refsource": "OSVDB", + "url": "http://osvdb.org/52568" + }, + { + "name": "34070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34070" + }, + { + "name": "1021834", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021834" + }, + { + "name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded" + }, + { + "name": "http://bugs.digium.com/view.php?id=14417", + "refsource": "CONFIRM", + "url": "http://bugs.digium.com/view.php?id=14417" + }, + { + "name": "http://bugs.digium.com/view.php?id=13547", + "refsource": "CONFIRM", + "url": "http://bugs.digium.com/view.php?id=13547" + }, + { + "name": "http://downloads.digium.com/pub/security/AST-2009-002.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2009-002.html" + }, + { + "name": "ADV-2009-0667", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0667" + }, + { + "name": "34229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34229" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0998.json b/2009/0xxx/CVE-2009-0998.json index 3799c35b2f6..23f11f5bfe1 100644 --- a/2009/0xxx/CVE-2009-0998.json +++ b/2009/0xxx/CVE-2009-0998.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53758", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53758" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "53758", + "refsource": "OSVDB", + "url": "http://osvdb.org/53758" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1334.json b/2009/1xxx/CVE-2009-1334.json index 27dae457412..1208a2285a1 100644 --- a/2009/1xxx/CVE-2009-1334.json +++ b/2009/1xxx/CVE-2009-1334.json 
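Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk, a data change that neither the subject "-Synchronized-Data." nor the surrounding whitespace-only churn calls out; the CVE-2009-1531 hunk does the same with `secure@microsoft.com`. Consumers that attribute or filter records by assigner will see these entries move to a different CNA, so the change deserves its own line in the commit message or a commit separate from the reformatting. Whether the new assigner value is the intended one cannot be judged from the diff alone.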
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS", - "refsource" : "MISC", - "url" : "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS" - }, - { - "name" : "34513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34513" - }, - { - "name" : "53651", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/53651" - }, - { - "name" : "1022060", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022060" - }, - { - "name" : "34646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34646" - }, - { - "name" : "ADV-2009-1021", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1021" - }, - { - "name" : "tivoli-cdpf-reason-xss(49872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34646" + }, + { + "name": "53651", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/53651" + }, + { + "name": "34513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34513" + }, + { + "name": "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS", + "refsource": "MISC", + "url": "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS" + }, + { + "name": "1022060", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022060" + }, + { + "name": "tivoli-cdpf-reason-xss(49872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49872" + }, + { + "name": "ADV-2009-1021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1021" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1531.json b/2009/1xxx/CVE-2009-1531.json index 85b67d9a591..cf4fd01d214 100644 --- a/2009/1xxx/CVE-2009-1531.json +++ b/2009/1xxx/CVE-2009-1531.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka \"HTML Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090610 ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504216/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-039", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-039" - }, - { - "name" : "MS09-019", - 
"refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "35234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35234" - }, - { - "name" : "54950", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54950" - }, - { - "name" : "oval:org.mitre.oval:def:6308", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308" - }, - { - "name" : "1022350", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022350" - }, - { - "name" : "ADV-2009-1538", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka \"HTML Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1538" + }, + { + "name": "MS09-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" + }, + { + "name": "20090610 
ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504216/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-039", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-039" + }, + { + "name": "35234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35234" + }, + { + "name": "oval:org.mitre.oval:def:6308", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308" + }, + { + "name": "54950", + "refsource": "OSVDB", + "url": "http://osvdb.org/54950" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "1022350", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022350" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1942.json b/2009/1xxx/CVE-2009-1942.json index 3e764ca5030..27dea2309c8 100644 --- a/2009/1xxx/CVE-2009-1942.json +++ b/2009/1xxx/CVE-2009-1942.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/481270", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/481270" - }, - { - "name" : "http://drupal.org/node/481274", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/481274" - }, - { - "name" : "http://drupal.org/node/481308", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/481308" - }, - { - "name" : "35199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35199" - }, - { - "name" : "54880", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54880" - }, - { - "name" : "35345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35345" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35199" + }, + { + "name": "http://drupal.org/node/481270", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/481270" + }, + { + "name": "35345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35345" + }, + { + "name": "54880", + "refsource": "OSVDB", + "url": "http://osvdb.org/54880" + }, + { + "name": "http://drupal.org/node/481308", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/481308" + }, + { + "name": "http://drupal.org/node/481274", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/481274" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4006.json b/2009/4xxx/CVE-2009-4006.json index 7a4bb985d0d..cd010632615 100644 --- a/2009/4xxx/CVE-2009-4006.json +++ b/2009/4xxx/CVE-2009-4006.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507955/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-46/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-46/" - }, - { - "name" : "http://www.serv-u.com/releasenotes/", - "refsource" : "MISC", - "url" : "http://www.serv-u.com/releasenotes/" - }, - { - "name" : "37051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37051" - }, - { - "name" : "60427", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60427" - }, - { - "name" : "oval:org.mitre.oval:def:6142", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142" - }, - { - "name" : "1023199", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023199" - }, - { - "name" : "37228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37228" - }, - { - "name" : "ADV-2009-3277", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3277" - }, - { - "name" : "servu-tea-bo(54322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60427", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60427" + }, + { + "name": "1023199", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023199" + }, + { + "name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2009-46/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-46/" + }, + { + "name": "oval:org.mitre.oval:def:6142", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142" + }, + { + "name": "ADV-2009-3277", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2009/3277" + }, + { + "name": "http://www.serv-u.com/releasenotes/", + "refsource": "MISC", + "url": "http://www.serv-u.com/releasenotes/" + }, + { + "name": "37228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37228" + }, + { + "name": "37051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37051" + }, + { + "name": "servu-tea-bo(54322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4050.json b/2009/4xxx/CVE-2009-4050.json index 178e4e99915..09decae75fa 100644 --- a/2009/4xxx/CVE-2009-4050.json +++ b/2009/4xxx/CVE-2009-4050.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "60073", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/60073" - }, - { - "name" : "37370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37370" + }, + { + "name": "60073", + "refsource": "OSVDB", + "url": "http://osvdb.org/60073" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4083.json b/2009/4xxx/CVE-2009-4083.json index 4080afe47e1..d9a933f8a7d 100644 --- a/2009/4xxx/CVE-2009-4083.json +++ b/2009/4xxx/CVE-2009-4083.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508007/100/0/threaded" - }, - { - "name" : "http://blog.bkis.com/e107-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://blog.bkis.com/e107-multiple-vulnerabilities/" - }, - { - "name" : "37087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37087" - }, - { - "name" : "e107-multiple-unspecified-xss(54372)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded" + }, + { + "name": "http://blog.bkis.com/e107-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "http://blog.bkis.com/e107-multiple-vulnerabilities/" + }, + { + "name": "e107-multiple-unspecified-xss(54372)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372" + }, + { + "name": "37087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37087" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4199.json b/2009/4xxx/CVE-2009-4199.json index 8a8229ccae7..3698a7d5c90 100644 --- a/2009/4xxx/CVE-2009-4199.json +++ b/2009/4xxx/CVE-2009-4199.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8872", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8872" - }, - { - "name" : "35202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary 
SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35202" + }, + { + "name": "8872", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8872" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4630.json b/2009/4xxx/CVE-2009-4630.json index ea7d1c7bd53..f25318f70ed 100644 --- a/2009/4xxx/CVE-2009-4630.json +++ b/2009/4xxx/CVE-2009-4630.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating \"I don't think we necessarily need to worry about that case.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=453403", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=453403" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=492196", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=492196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Necko, as used in 
Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating \"I don't think we necessarily need to worry about that case.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=492196", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=492196" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=453403", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=453403" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4804.json b/2009/4xxx/CVE-2009-4804.json index 70c2fc7daec..33b4046fb19 100644 --- a/2009/4xxx/CVE-2009-4804.json +++ b/2009/4xxx/CVE-2009-4804.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via \"search parameters.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/cal/1.1.1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/cal/1.1.1/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/" - }, - { - "name" : "33996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33996" - }, - { - "name" : "34155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via \"search parameters.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/cal/1.1.1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/cal/1.1.1/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/" + }, + { + "name": "34155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34155" + }, + { + "name": "33996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33996" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2395.json b/2012/2xxx/CVE-2012-2395.json index cc64107fec0..10eab2cfc86 100644 --- a/2012/2xxx/CVE-2012-2395.json +++ b/2012/2xxx/CVE-2012-2395.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120523 CVE request: cobbler command injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/4" - }, - { - "name" : "[oss-security] 20120523 Re: CVE request: cobbler command injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/23/18" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999" - }, - { - "name" : "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf" - }, - { - "name" : "https://github.com/cobbler/cobbler/issues/141", - "refsource" : "CONFIRM", - "url" : "https://github.com/cobbler/cobbler/issues/141" - }, - { - "name" : "openSUSE-SU-2012:0655", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0814", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html" - }, - { - "name" : "53666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53666" - }, - { - "name" : "82458", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:0814", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html" + }, + { + "name": "[oss-security] 20120523 CVE request: cobbler command injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/4" + }, + { + "name": "53666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53666" + }, + { + "name": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf", + "refsource": "CONFIRM", + "url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf" + }, + { + "name": "[oss-security] 20120523 Re: CVE request: cobbler command injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/23/18" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999" + }, + { + "name": "https://github.com/cobbler/cobbler/issues/141", + "refsource": "CONFIRM", + "url": "https://github.com/cobbler/cobbler/issues/141" + }, + { + "name": "openSUSE-SU-2012:0655", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html" + }, + { + "name": "82458", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82458" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2396.json b/2012/2xxx/CVE-2012-2396.json index 481c2542efa..61b18c21a05 100644 --- a/2012/2xxx/CVE-2012-2396.json +++ b/2012/2xxx/CVE-2012-2396.json 
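Review bot: The `"ASSIGNER"` value near the top of this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, but the change is buried in a whitespace-only reformat (`"key" : value` to `"key": value`) and a reordering of `reference_data`, and the commit subject says only "-Synchronized-Data.". A consumer that keys on the assigning CNA for attribution or routing will see a different value after this commit, so the change deserves its own line in the commit message, for example `Update ASSIGNER for CVE-2012-2395, CVE-2012-2703 and CVE-2012-3004`. The same pattern appears in the CVE-2012-2703 hunk (also `secalert@redhat.com`) and the CVE-2012-3004 hunk (`ics-cert@hq.dhs.gov`). The new side of this file also ends with `\ No newline at end of file`, so the record loses the trailing newline the old side had.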
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18757", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18757/" - }, - { - "name" : "oval:org.mitre.oval:def:15615", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615" - }, - { - "name" : "vlc-mp4-dos(75038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15615", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615" + }, + { + "name": "vlc-mp4-dos(75038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038" + }, + { + "name": "18757", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18757/" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2608.json b/2012/2xxx/CVE-2012-2608.json index f1209a3ff8f..c9232742a9a 100644 --- a/2012/2xxx/CVE-2012-2608.json +++ b/2012/2xxx/CVE-2012-2608.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2608", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2608", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2703.json b/2012/2xxx/CVE-2012-2703.json index d98c8585f6c..a57cc1e591b 100644 
--- a/2012/2xxx/CVE-2012-2703.json +++ b/2012/2xxx/CVE-2012-2703.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"$conf variable in settings.php.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1585544", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1585544" - }, - { - "name" : "http://drupalcode.org/project/ad.git/commitdiff/4337f34", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/ad.git/commitdiff/4337f34" - }, - { - "name" : "https://drupal.org/node/1580376", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1580376" - }, - { - "name" : "advertisement-settings-xss(75718)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"$conf variable in settings.php.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1585544", + "refsource": "MISC", + "url": "http://drupal.org/node/1585544" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "https://drupal.org/node/1580376", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1580376" + }, + { + "name": "advertisement-settings-xss(75718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75718" + }, + { + "name": "http://drupalcode.org/project/ad.git/commitdiff/4337f34", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/ad.git/commitdiff/4337f34" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3004.json b/2012/3xxx/CVE-2012-3004.json index 61d267a5e6d..2f01fb12f28 100644 --- a/2012/3xxx/CVE-2012-3004.json +++ b/2012/3xxx/CVE-2012-3004.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-3004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3539.json b/2012/3xxx/CVE-2012-3539.json index a5f018e3313..51fdd954d14 100644 --- a/2012/3xxx/CVE-2012-3539.json +++ b/2012/3xxx/CVE-2012-3539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3539", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4681. Reason: This candidate is a duplicate of CVE-2012-4681. Notes: All CVE users should reference CVE-2012-4681 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-3539", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4681. Reason: This candidate is a duplicate of CVE-2012-4681. Notes: All CVE users should reference CVE-2012-4681 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3864.json b/2012/3xxx/CVE-2012-3864.json index 7ed7b75810a..78948fd7a6e 100644 --- a/2012/3xxx/CVE-2012-3864.json +++ b/2012/3xxx/CVE-2012-3864.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://puppetlabs.com/security/cve/cve-2012-3864/", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2012-3864/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=839130", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=839130" - }, - { - "name" : "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4", - "refsource" : "CONFIRM", - "url" : "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4" - }, - { - "name" : "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87", - "refsource" : "CONFIRM", - 
"url" : "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87" - }, - { - "name" : "DSA-2511", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2511" - }, - { - "name" : "SUSE-SU-2012:0983", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" - }, - { - "name" : "openSUSE-SU-2012:0891", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" - }, - { - "name" : "USN-1506-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1506-1" - }, - { - "name" : "50014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:0983", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html" + }, + { + "name": "http://puppetlabs.com/security/cve/cve-2012-3864/", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2012-3864/" + }, + { + "name": "DSA-2511", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2511" + }, + { + "name": "USN-1506-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1506-1" + }, + { + "name": "50014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50014" + }, + { + "name": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4", + "refsource": "CONFIRM", + "url": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4" + }, + { + "name": "openSUSE-SU-2012:0891", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=839130", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130" + }, + { + "name": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87", + "refsource": "CONFIRM", + "url": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3988.json b/2012/3xxx/CVE-2012-3988.json index 1b953c7f3cd..81e6b1a87ea 100644 --- a/2012/3xxx/CVE-2012-3988.json +++ b/2012/3xxx/CVE-2012-3988.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=725770", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=725770" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : "RHSA-2012:1351", - "refsource" : 
"REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "86109", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86109" - }, - { - "name" : "oval:org.mitre.oval:def:16334", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16334" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - }, - { - "name" : "firefox-full-screen-code-exec(79149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the 
history.back method for backwards history navigation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "firefox-full-screen-code-exec(79149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79149" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "oval:org.mitre.oval:def:16334", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16334" + }, + { + "name": "86109", + "refsource": "OSVDB", + "url": "http://osvdb.org/86109" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=725770", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=725770" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": 
"http://www.mozilla.org/security/announce/2012/mfsa2012-79.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6402.json b/2012/6xxx/CVE-2012-6402.json index e3e90cc4806..d3e47d4d93b 100644 --- a/2012/6xxx/CVE-2012-6402.json +++ b/2012/6xxx/CVE-2012-6402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6402", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6402", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6536.json b/2012/6xxx/CVE-2012-6536.json index 52733778f2f..3d247142f3e 100644 --- a/2012/6xxx/CVE-2012-6536.json +++ b/2012/6xxx/CVE-2012-6536.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720", - 
"refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/05/13" + }, + { + "name": "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/6xxx/CVE-2012-6559.json b/2012/6xxx/CVE-2012-6559.json index e0a691b8063..38d1630fbec 100644 --- a/2012/6xxx/CVE-2012-6559.json +++ b/2012/6xxx/CVE-2012-6559.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18900", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18900" - }, - { - "name" : "53617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53617" - }, - { - "name" : "freenac-deviceadd-xss(75762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75762" - }, - { - "name" : "freenac-stats-xss(75761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53617" + }, + { + "name": "freenac-deviceadd-xss(75762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75762" + }, + { + "name": "freenac-stats-xss(75761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75761" + }, + { + "name": "18900", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18900" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1676.json b/2015/1xxx/CVE-2015-1676.json index 611a257721d..edd737bb273 100644 --- a/2015/1xxx/CVE-2015-1676.json +++ b/2015/1xxx/CVE-2015-1676.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability,\" a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051" - }, - { - "name" : "74483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74483" - }, - { - "name" : "1032294", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability,\" a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051" + }, + { + "name": "1032294", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032294" + }, + { + "name": "74483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74483" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5434.json b/2015/5xxx/CVE-2015-5434.json index 8d992d2b9e5..2e9651c971e 100644 --- a/2015/5xxx/CVE-2015-5434.json +++ b/2015/5xxx/CVE-2015-5434.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via \"Virtual routing and forwarding (VRF) hopping.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2015-5434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492" - }, - { - "name" : "79869", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/79869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via \"Virtual routing 
and forwarding (VRF) hopping.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492" + }, + { + "name": "79869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/79869" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5504.json b/2015/5xxx/CVE-2015-5504.json index 936721fc5f5..33e92d86d7f 100644 --- a/2015/5xxx/CVE-2015-5504.json +++ b/2015/5xxx/CVE-2015-5504.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" - }, - { - "name" : "https://www.drupal.org/node/2499787", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2499787" - }, - { - "name" : "75039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75039" - }, - { - "name" : "75040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the 
Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2499787", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2499787" + }, + { + "name": "75040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75040" + }, + { + "name": "75039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75039" + }, + { + "name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/04/4" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5758.json b/2015/5xxx/CVE-2015-5758.json index e5bdfc1e7a3..24fc694191b 100644 --- a/2015/5xxx/CVE-2015-5758.json +++ b/2015/5xxx/CVE-2015-5758.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "https://support.apple.com/kb/HT205031", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205031" - }, - { - "name" : "APPLE-SA-2015-08-13-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76343" - }, - { - "name" : "1033275", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "APPLE-SA-2015-08-13-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + }, + { + "name": "https://support.apple.com/kb/HT205031", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205031" + }, + { + "name": "76343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76343" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2302.json b/2017/2xxx/CVE-2017-2302.json index 38e7f5d4025..3a0e4af9067 100644 --- a/2017/2xxx/CVE-2017-2302.json +++ b/2017/2xxx/CVE-2017-2302.json 
@@ -1,105 +1,105 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options", - "version" : { - "version_data" : [ - { - "version_value" : "12.1X46 prior to 12.1X46-D55" - }, - { - "version_value" : "12.1X47 prior to 12.1X47-D45" - }, - { - "version_value" : "12.3R13 prior to 12.3R13" - }, - { - "version_value" : "12.3X48 prior to 12.3X48-D35" - }, - { - "version_value" : "13.3 prior to 13.3R10" - }, - { - "version_value" : "14.1 prior to 14.1R8" - }, - { - "version_value" : "14.1X53 prior to 14.1X53-D40" - }, - { - "version_value" : "14.1X55 prior to 14.1X55-D35" - }, - { - "version_value" : "14.2 prior to 14.2R6" - }, - { - "version_value" : "15.1 prior to 15.1F2 or 15.1R1" - }, - { - "version_value" : "15.1X49 prior to 15.1X49-D20" - }, - { - "version_value" : "16.1 and subsequent releases contain a fix" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "rpd daemon crash denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options", + "version": { + "version_data": [ + { + "version_value": "12.1X46 prior to 12.1X46-D55" + }, + { + "version_value": "12.1X47 prior to 12.1X47-D45" + }, + { + "version_value": "12.3R13 prior to 12.3R13" + }, + { + "version_value": "12.3X48 prior to 12.3X48-D35" + }, + { + "version_value": "13.3 prior to 13.3R10" + }, + { + "version_value": "14.1 prior to 14.1R8" + }, + { + "version_value": "14.1X53 prior to 14.1X53-D40" + }, + { + "version_value": "14.1X55 prior to 14.1X55-D35" + }, + { + "version_value": "14.2 prior to 14.2R6" + }, + { + "version_value": "15.1 prior to 15.1F2 or 15.1R1" + }, + { + "version_value": "15.1X49 prior to 15.1X49-D20" + }, + { + "version_value": "16.1 and subsequent releases contain a fix" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10771", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10771" - }, - { - "name" : "95394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95394" - }, - { - "name" : "1037595", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 
prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "rpd daemon crash denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10771", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10771" + }, + { + "name": "1037595", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037595" + }, + { + "name": "95394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95394" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2421.json b/2017/2xxx/CVE-2017-2421.json index 4ab5487cf30..1161feff3b0 100644 --- a/2017/2xxx/CVE-2017-2421.json +++ b/2017/2xxx/CVE-2017-2421.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"AppleGraphicsPowerManagement\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "97140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97140" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. 
The issue involves the \"AppleGraphicsPowerManagement\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97140" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11407.json b/2018/11xxx/CVE-2018-11407.json index 9ec182242fe..3cfcfe4a237 100644 --- a/2018/11xxx/CVE-2018-11407.json +++ b/2018/11xxx/CVE-2018-11407.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a \"null\" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password", - "refsource" : "CONFIRM", - "url" : "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x 
before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a \"null\" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password", + "refsource": "CONFIRM", + "url": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11410.json b/2018/11xxx/CVE-2018-11410.json index 17d081fefac..3fa950dbd84 100644 --- a/2018/11xxx/CVE-2018-11410.json +++ b/2018/11xxx/CVE-2018-11410.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1582024", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1582024" - }, - { - "name" : "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing" - }, - { - "name" : "USN-3669-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3669-1/" - }, - { - "name" : "104324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1582024", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582024" + }, + { + "name": "USN-3669-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3669-1/" + }, + { + "name": "104324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104324" + }, + { + "name": "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11801.json b/2018/11xxx/CVE-2018-11801.json index 692241857cc..0f7582d992c 100644 --- a/2018/11xxx/CVE-2018-11801.json +++ b/2018/11xxx/CVE-2018-11801.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11801", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11801", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11879.json b/2018/11xxx/CVE-2018-11879.json index 34943643053..448aaab42a0 100644 --- a/2018/11xxx/CVE-2018-11879.json +++ b/2018/11xxx/CVE-2018-11879.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 845" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow to Buffer Overflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 845" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14058.json b/2018/14xxx/CVE-2018-14058.json index 978d5aecd3f..f459cadcff0 100644 --- a/2018/14xxx/CVE-2018-14058.json +++ b/2018/14xxx/CVE-2018-14058.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pimcore before 5.3.0 allows SQL Injection via the REST web service API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45208", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45208/" - }, - { - "name" : "20180816 SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/13" - }, - { - "name" : "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pimcore before 5.3.0 allows SQL Injection via the REST web service API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180816 SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/13" + }, + { + "name": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/" + }, + { + "name": "45208", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45208/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15220.json b/2018/15xxx/CVE-2018-15220.json index 069ece72822..76185944722 100644 --- a/2018/15xxx/CVE-2018-15220.json +++ b/2018/15xxx/CVE-2018-15220.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15253.json b/2018/15xxx/CVE-2018-15253.json index dda61d1101f..d40825440c4 100644 --- a/2018/15xxx/CVE-2018-15253.json +++ b/2018/15xxx/CVE-2018-15253.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15354.json b/2018/15xxx/CVE-2018-15354.json index 36fd264ceca..15629fff521 100644 --- a/2018/15xxx/CVE-2018-15354.json +++ b/2018/15xxx/CVE-2018-15354.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "ID" : "CVE-2018-15354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kraftway", - "version" : { - "version_data" : [ - { - "version_value" : "Kraftway 24F2XG Router firmware 3.5.30.1118" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A Buffer Overflow exploited through web interface by remote attacker cause denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "ID": "CVE-2018-15354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kraftway", + "version": { + "version_data": [ + { + "version_value": "Kraftway 24F2XG Router firmware 3.5.30.1118" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Buffer Overflow exploited through web interface by remote attacker can cause denial of 
service in Kraftway 24F2XG Router firmware 3.5.30.1118." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A Buffer Overflow exploited through web interface by remote attacker cause denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15370.json b/2018/15xxx/CVE-2018-15370.json index 4afd48e3223..e2283b46ddb 100644 --- a/2018/15xxx/CVE-2018-15370.json +++ b/2018/15xxx/CVE-2018-15370.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-26T16:00:00-0500", - "ID" : "CVE-2018-15370", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Catalyst 6800 Series Switches", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.4", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-26T16:00:00-0500", + "ID": "CVE-2018-15370", + "STATE": "PUBLIC", + "TITLE": "Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Catalyst 6800 Series Switches", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180926 Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-catalyst6800" - }, - { - "name" : "105412", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105412" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180926-catalyst6800", - "defect" : [ - [ - "CSCvc16091" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. 
An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.4", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180926 Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-catalyst6800" + }, + { + "name": "105412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105412" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180926-catalyst6800", + "defect": [ + [ + "CSCvc16091" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3505.json b/2018/3xxx/CVE-2018-3505.json index 073ac343c15..e0c784c11a6 100644 --- a/2018/3xxx/CVE-2018-3505.json +++ b/2018/3xxx/CVE-2018-3505.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3505", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3505", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3553.json b/2018/3xxx/CVE-2018-3553.json index c833ee1d5ed..d1287f90bae 100644 --- a/2018/3xxx/CVE-2018-3553.json +++ b/2018/3xxx/CVE-2018-3553.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-3553",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-3553",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/3xxx/CVE-2018-3810.json b/2018/3xxx/CVE-2018-3810.json
index 65d5cf6fcba..0b55855bbd8 100644
--- a/2018/3xxx/CVE-2018-3810.json
+++ b/2018/3xxx/CVE-2018-3810.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43420", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43420/" - }, - { - "name" : "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html", - "refsource" : "MISC", - "url" : "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html" - }, - { - "name" : "https://wordpress.org/plugins/smart-google-code-inserter/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/smart-google-code-inserter/#developers" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8987", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/smart-google-code-inserter/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/smart-google-code-inserter/#developers" + }, + { + "name": "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html", + "refsource": "MISC", + "url": "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8987", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8987" + }, + { + "name": "43420", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43420/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8367.json b/2018/8xxx/CVE-2018-8367.json index 04a7d869d4c..34d1dcf6e6f 100644 --- a/2018/8xxx/CVE-2018-8367.json +++ b/2018/8xxx/CVE-2018-8367.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367" - }, - { - "name" : "105245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105245" - }, - { - "name" : "1041623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367" + }, + { + "name": "1041623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041623" + }, + { + "name": "105245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105245" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8573.json b/2018/8xxx/CVE-2018-8573.json index 3631f49d411..d028e5c662e 100644 --- a/2018/8xxx/CVE-2018-8573.json +++ b/2018/8xxx/CVE-2018-8573.json 
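Review bot: The `ASSIGNER` value changes from `Secure@Microsoft.com` to `secure@microsoft.com` in this hunk, a data change carried inside what is otherwise a key-spacing reformat; the CVE-2018-8573 hunk does the same. Consumers that group or filter records by assigner with a case-sensitive comparison would see these as a different source, so the normalization deserves a line in the commit message, and consumers should compare the address case-insensitively. The `reference_data` entries are also reordered here (the BID and SECTRACK entries swap places), which parsers ignore but which makes a genuinely added or dropped reference harder to spot in review. The new side of the file also ends without a trailing newline.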
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Word", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - }, - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Word", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573" - }, - { - "name" : "105836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105836" - }, - { - "name" : "1042114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105836" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573" + }, + { + "name": "1042114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042114" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8863.json b/2018/8xxx/CVE-2018-8863.json index 13d1f5c91c2..f1239ae5362 100644 --- a/2018/8xxx/CVE-2018-8863.json +++ b/2018/8xxx/CVE-2018-8863.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8863",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8863",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8878.json b/2018/8xxx/CVE-2018-8878.json
index 9587072bba5..fcf03329eb2 100644
--- a/2018/8xxx/CVE-2018-8878.json
+++ b/2018/8xxx/CVE-2018-8878.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8878",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8878",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8939.json b/2018/8xxx/CVE-2018-8939.json
index 04d03dc0910..65e1e96946a 100644
--- a/2018/8xxx/CVE-2018-8939.json
+++ b/2018/8xxx/CVE-2018-8939.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm", - "refsource" : "CONFIRM", - "url" : "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). 
Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm", + "refsource": "CONFIRM", + "url": "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm" + } + ] + } +} \ No newline at end of file