diff --git a/2002/0xxx/CVE-2002-0494.json b/2002/0xxx/CVE-2002-0494.json index 0e7f3669be4..0ee6277afaf 100644 --- a/2002/0xxx/CVE-2002-0494.json +++ b/2002/0xxx/CVE-2002-0494.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020325 WebSight Directory System: cross-site-scripting bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/263914" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=163389", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=163389" - }, - { - "name" : "4357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4357" - }, - { - "name" : "websight-directory-system-css(8624)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8624.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020325 WebSight Directory System: cross-site-scripting bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/263914" + }, + { + "name": "4357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4357" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=163389", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=163389" + }, + { + "name": "websight-directory-system-css(8624)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8624.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0502.json b/2002/0xxx/CVE-2002-0502.json index 4c3afb6db26..61bfd1bcf97 100644 --- a/2002/0xxx/CVE-2002-0502.json +++ b/2002/0xxx/CVE-2002-0502.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020123 RE: Citrix NFuse 1.6", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251923" - }, - { - "name" : "20020122 Citrix NFuse 1.6", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251737" - }, - { - "name" : "nfuse-applist-information-disclosure(7984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7984" - }, - { - "name" : "3926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nfuse-applist-information-disclosure(7984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7984" + }, + { + "name": "20020122 Citrix NFuse 1.6", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251737" + }, + { + "name": "20020123 RE: Citrix NFuse 1.6", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251923" + }, + { + "name": "3926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3926" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2118.json b/2002/2xxx/CVE-2002-2118.json index d3d901ca261..5fa89b99629 100644 --- a/2002/2xxx/CVE-2002-2118.json +++ b/2002/2xxx/CVE-2002-2118.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020219 RE: Blueworld WebData Engine 1.6.5", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=101372618504099&w=2" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html" - }, - { - "name" : "4110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4110" - }, - { - "name" : "lasso-webdata-dos(8208)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8208.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4110" + }, + { + "name": "20020219 RE: Blueworld WebData Engine 1.6.5", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=101372618504099&w=2" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html" + }, + { + "name": "lasso-webdata-dos(8208)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8208.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2395.json b/2002/2xxx/CVE-2002-2395.json index 28eca9806e8..c24c9d35935 100644 --- a/2002/2xxx/CVE-2002-2395.json +++ b/2002/2xxx/CVE-2002-2395.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020912 Bypassing TrendMicro InterScan VirusWall", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/291538" - }, - { - "name" : "5701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5701" - }, - { - "name" : "interscan-gzip-content-bypass(10107)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10107.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5701" + }, + { + "name": "interscan-gzip-content-bypass(10107)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10107.php" + }, + { + "name": "20020912 Bypassing TrendMicro InterScan VirusWall", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/291538" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0109.json b/2005/0xxx/CVE-2005-0109.json index 40d626b3d5f..0873b80d7dc 100644 --- a/2005/0xxx/CVE-2005-0109.json +++ b/2005/0xxx/CVE-2005-0109.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.daemonology.net/papers/htt.pdf", - "refsource" : "MISC", - "url" : "http://www.daemonology.net/papers/htt.pdf" - }, - { - "name" : "http://www.daemonology.net/hyperthreading-considered-harmful/", - "refsource" : "MISC", - "url" : "http://www.daemonology.net/hyperthreading-considered-harmful/" - }, - { - "name" : "[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openbsd-misc&m=110995101417256&w=2" - }, - { - "name" : "[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=freebsd-security&m=110994370429609&w=2" - }, - { - "name" : "[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754", - "refsource" : "MISC", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754" - }, - { - "name" : "RHSA-2005:476", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-476.html" - }, - { - "name" : "RHSA-2005:800", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-800.html" - }, - { - "name" : "SCOSA-2005.24", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt" - }, - { - "name" : "101739", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1" - }, - { - "name" : "VU#911878", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/911878" - }, - { - "name" : "12724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12724" - }, - { - "name" : "oval:org.mitre.oval:def:9747", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747" - }, - { - "name" : "ADV-2005-0540", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0540" - }, - { - "name" : "ADV-2005-3002", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3002" - }, - { - "name" : "1013967", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013967" - }, - { - "name" : "15348", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15348" - }, - { - "name" : "18165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#911878", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/911878" + }, + { + "name": "18165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18165" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754", + "refsource": "MISC", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754" + }, + { + "name": "[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff", + "refsource": "MLIST", + "url": "http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2" + }, + { + "name": "SCOSA-2005.24", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt" + }, + { + "name": "oval:org.mitre.oval:def:9747", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747" + }, + { + "name": "ADV-2005-3002", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3002" + }, + { + "name": "15348", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15348" + }, + { + "name": "12724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12724" + }, + { + "name": "[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]", + "refsource": "MLIST", + "url": "http://marc.info/?l=freebsd-security&m=110994370429609&w=2" + }, + { + "name": "RHSA-2005:476", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html" + }, + { + "name": "1013967", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013967" + }, + { + "name": "ADV-2005-0540", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0540" + }, + { + "name": "http://www.daemonology.net/papers/htt.pdf", + "refsource": "MISC", + "url": "http://www.daemonology.net/papers/htt.pdf" + }, + { + "name": "RHSA-2005:800", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-800.html" + }, + { + "name": "http://www.daemonology.net/hyperthreading-considered-harmful/", + "refsource": "MISC", + "url": "http://www.daemonology.net/hyperthreading-considered-harmful/" + }, + { + "name": "101739", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1" + }, + { + "name": "[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff", + "refsource": "MLIST", + "url": "http://marc.info/?l=openbsd-misc&m=110995101417256&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0233.json b/2005/0xxx/CVE-2005-0233.json index cc79f443d97..8d439dbd7af 100644 --- a/2005/0xxx/CVE-2005-0233.json +++ b/2005/0xxx/CVE-2005-0233.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050206 state of homograph attacks", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html" - }, - { - "name" : "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110782704923280&w=2" - }, - { - "name" : "http://www.shmoo.com/idn", - "refsource" : "MISC", - "url" : "http://www.shmoo.com/idn" - }, - { - "name" : "http://www.shmoo.com/idn/homograph.txt", - "refsource" : "MISC", - "url" : "http://www.shmoo.com/idn/homograph.txt" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-29.html" - }, - { - "name" : "GLSA-200503-10", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" - }, - { - "name" : "GLSA-200503-30", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" - }, - { - "name" : "RHSA-2005:176", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "SUSE-SA:2005:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html" - }, - { - "name" : "12461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12461" - }, - { - "name" : "oval:org.mitre.oval:def:100029", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029" - }, - { - "name" : "oval:org.mitre.oval:def:11229", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229" - }, - { - "name" : "multiple-browsers-idn-spoof(19236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.shmoo.com/idn/homograph.txt", + "refsource": "MISC", + "url": "http://www.shmoo.com/idn/homograph.txt" + }, + { + "name": "multiple-browsers-idn-spoof(19236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236" + }, + { + "name": "20050206 state of homograph attacks", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html" + }, + { + "name": "http://www.shmoo.com/idn", + "refsource": "MISC", + "url": "http://www.shmoo.com/idn" + }, + { + "name": "SUSE-SA:2005:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html" + }, + { + "name": "oval:org.mitre.oval:def:11229", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229" + }, + { + "name": "oval:org.mitre.oval:def:100029", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029" + }, + { + "name": "RHSA-2005:176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "GLSA-200503-30", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" + }, + { + "name": "GLSA-200503-10", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" + }, + { + "name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110782704923280&w=2" + }, + { + "name": "12461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12461" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-29.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0405.json b/2005/0xxx/CVE-2005-0405.json index 9e68709e2fc..a8f505cd9ac 100644 --- a/2005/0xxx/CVE-2005-0405.json +++ b/2005/0xxx/CVE-2005-0405.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0405", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0405", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1253.json b/2005/1xxx/CVE-2005-1253.json index ba71e988a1f..62b149253fe 100644 --- a/2005/1xxx/CVE-2005-1253.json +++ b/2005/1xxx/CVE-2005-1253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1821.json b/2005/1xxx/CVE-2005-1821.json index a96f2dae0b2..12f8de5e84d 100644 --- a/2005/1xxx/CVE-2005-1821.json +++ b/2005/1xxx/CVE-2005-1821.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050531 PowerDownload Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111755754126095&w=2" - }, - { - "name" : "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt", - "refsource" : "MISC", - "url" : "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt" - }, - { - "name" : "13822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13822" - }, - { - "name" : "1014078", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014078" - }, - { - "name" : "15537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13822" + }, + { + "name": "20050531 PowerDownload Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111755754126095&w=2" + }, + { + "name": "15537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15537" + }, + { + "name": "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt", + "refsource": "MISC", + "url": "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt" + }, + { + "name": "1014078", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014078" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1865.json b/2005/1xxx/CVE-2005-1865.json index 54563205be2..97bfeeaef69 100644 --- a/2005/1xxx/CVE-2005-1865.json +++ b/2005/1xxx/CVE-2005-1865.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050531 multiple vulnerability Calendarix Advanced", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0356.html" - }, - { - "name" : "http://www.calendarix.com/download_advanced.php", - "refsource" : "CONFIRM", - "url" : "http://www.calendarix.com/download_advanced.php" - }, - { - "name" : "http://www.calendarix.com/download_basic.php", - "refsource" : "CONFIRM", - "url" : "http://www.calendarix.com/download_basic.php" - }, - { - "name" : "16971", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16971" - }, - { - "name" : "16972", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16972" - }, - { - "name" : "16974", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16974" - }, - { - "name" : "16975", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16975" - }, - { - "name" : "1014083", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/May/1014083.html" - }, - { - "name" : "15569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.calendarix.com/download_basic.php", + "refsource": "CONFIRM", + "url": "http://www.calendarix.com/download_basic.php" + }, + { + "name": "16972", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16972" + }, + { + "name": "16975", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16975" + }, + { + "name": "1014083", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/May/1014083.html" + }, + { + "name": "http://www.calendarix.com/download_advanced.php", + "refsource": "CONFIRM", + "url": "http://www.calendarix.com/download_advanced.php" + }, + { + "name": "15569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15569" + }, + { + "name": "16971", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16971" + }, + { + "name": "16974", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16974" + }, + { + "name": "20050531 multiple vulnerability Calendarix Advanced", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0356.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4277.json b/2005/4xxx/CVE-2005-4277.json index bf0d9d8f120..bb1a8922995 100644 --- a/2005/4xxx/CVE-2005-4277.json +++ b/2005/4xxx/CVE-2005-4277.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060530 toendaCMS 0.7.0 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435412/100/0/threaded" - }, - { - "name" : "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip", - "refsource" : "CONFIRM", - "url" : "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip" - }, - { - "name" : "18178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18178" - }, - { - "name" : "ADV-2005-2926", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2926" - }, - { - "name" : "21767", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21767" - }, - { - "name" : "18058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18058" - }, - { - "name" : "1015354", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060530 toendaCMS 0.7.0 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435412/100/0/threaded" + }, + { + "name": "18178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18178" + }, + { + "name": "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip", + "refsource": "CONFIRM", + "url": "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip" + }, + { + "name": "18058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18058" + }, + { + "name": "1015354", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015354" + }, + { + "name": "21767", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21767" + }, + { + "name": "ADV-2005-2926", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2926" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4303.json b/2005/4xxx/CVE-2005-4303.json index 7dd2cdb557c..000003732b3 100644 --- a/2005/4xxx/CVE-2005-4303.json +++ b/2005/4xxx/CVE-2005-4303.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html" - }, - { - "name" : "15908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15908" - }, - { - "name" : "21797", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15908" + }, + { + "name": "21797", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21797" + }, + { + "name": "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0095.json b/2009/0xxx/CVE-2009-0095.json index a0ce93f39e3..4896940faf6 100644 --- a/2009/0xxx/CVE-2009-0095.json +++ b/2009/0xxx/CVE-2009-0095.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-005", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005" - }, - { - "name" : "TA09-041A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-041A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6179", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179" - }, - { - "name" : "ADV-2009-0391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0391" + }, + { + "name": "oval:org.mitre.oval:def:6179", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179" + }, + { + "name": "MS09-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005" + }, + { + "name": "TA09-041A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0260.json b/2009/0xxx/CVE-2009-0260.json index 9b092c2e0db..07a67eac45d 100644 --- a/2009/0xxx/CVE-2009-0260.json +++ b/2009/0xxx/CVE-2009-0260.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090120 MoinMoin Wiki Engine XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500197/100/0/threaded" - }, - { - "name" : "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1", - "refsource" : "CONFIRM", - "url" : "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1" - }, - { - "name" : "http://moinmo.in/SecurityFixes#moin1.8.1", - "refsource" : "CONFIRM", - "url" : "http://moinmo.in/SecurityFixes#moin1.8.1" - }, - { - "name" : "DSA-1715", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2009/dsa-1715" - }, - { - "name" : "USN-716-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/716-1/" - }, - { - "name" : "33365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33365" - }, - { - "name" : "ADV-2009-0195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0195" - }, - { - "name" : "51485", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51485" - }, - { - "name" : "33593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33593" - }, - { - "name" : "33716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33716" - }, - { - "name" : "33755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33755" - }, - { - "name" : "moinmoin-attachfilepy-xss(48126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33593" + }, + { + "name": "33755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33755" + }, + { + "name": "ADV-2009-0195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0195" + }, + { + "name": "33716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33716" + }, + { + "name": "http://moinmo.in/SecurityFixes#moin1.8.1", + "refsource": "CONFIRM", + "url": "http://moinmo.in/SecurityFixes#moin1.8.1" + }, + { + "name": "33365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33365" + }, + { + "name": "51485", + "refsource": "OSVDB", + "url": "http://osvdb.org/51485" + }, + { + "name": "20090120 MoinMoin Wiki Engine XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded" + }, + { + "name": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1", + "refsource": "CONFIRM", + "url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1" + }, + { + "name": "moinmoin-attachfilepy-xss(48126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126" + }, + { + "name": "DSA-1715", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2009/dsa-1715" + }, + { + "name": "USN-716-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/716-1/" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0546.json b/2009/0xxx/CVE-2009-0546.json index 67d60f53b8d..2da1980c6f6 100644 --- a/2009/0xxx/CVE-2009-0546.json +++ b/2009/0xxx/CVE-2009-0546.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090205 [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500686/100/0/threaded" - }, - { - "name" : "7995", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7995" - }, - { - "name" : "8010", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8010" - }, - { - "name" : "http://security.bkis.vn/?p=329", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=329" - }, - { - "name" : "33630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33630" - }, - { - "name" : "51753", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51753" - }, - { - "name" : "33718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33718" + }, + { + "name": "51753", + "refsource": "OSVDB", + "url": "http://osvdb.org/51753" + }, + { + "name": "20090205 [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500686/100/0/threaded" + }, + { + "name": "33630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33630" + }, + { + "name": "7995", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7995" + }, + { + "name": "8010", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8010" + }, + { + "name": "http://security.bkis.vn/?p=329", + "refsource": "MISC", + "url": "http://security.bkis.vn/?p=329" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0848.json b/2009/0xxx/CVE-2009-0848.json index b6b1c3b35cb..b04a6ed9c17 100644 --- a/2009/0xxx/CVE-2009-0848.json +++ b/2009/0xxx/CVE-2009-0848.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified \"relative search path.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SR:2009:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" - }, - { - "name" : "34259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34259" - }, - { - "name" : "opensuse-gtk2-code-execution(49228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified \"relative search path.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34259" + }, + { + "name": "SUSE-SR:2009:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" + }, + { + "name": "opensuse-gtk2-code-execution(49228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49228" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1416.json b/2009/1xxx/CVE-2009-1416.json index 1485bc8747b..d9daf7eec4d 100644 --- a/2009/1xxx/CVE-2009-1416.json +++ b/2009/1xxx/CVE-2009-1416.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" - }, - { - "name" : "[help-gnutls] 20090420 Encryption using DSA keys", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html" - }, - { - "name" : "GLSA-200905-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200905-04.xml" - }, - { - "name" : "MDVSA-2009:116", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" - }, - { - "name" : "34783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34783" - }, - { - "name" : "1022158", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022158" - }, - { - "name" : "34842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34842" - }, - { - "name" : "35211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35211" - }, - { - "name" : "ADV-2009-1218", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[help-gnutls] 20090420 Encryption using DSA keys", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html" + }, + { + "name": "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516" + }, + { + "name": "1022158", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022158" + }, + { + "name": "ADV-2009-1218", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1218" + }, + { + "name": "34783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34783" + }, + { + "name": "GLSA-200905-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200905-04.xml" + }, + { + "name": "34842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34842" + }, + { + "name": "35211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35211" + }, + { + "name": "MDVSA-2009:116", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1580.json b/2009/1xxx/CVE-2009-1580.json index ccdc549c421..62b00d855a0 100644 --- a/2009/1xxx/CVE-2009-1580.json +++ b/2009/1xxx/CVE-2009-1580.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" - }, - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676" - }, - { - "name" : "http://www.squirrelmail.org/security/issue/2009-05-11", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2009-05-11" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500358", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500358" - }, - { - "name" : "http://support.apple.com/kb/HT4188", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4188" - }, - { - "name" : "APPLE-SA-2010-06-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" - }, - { - "name" : "DSA-1802", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1802" - }, - { - "name" : "FEDORA-2009-4870", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" - }, - { - "name" : "FEDORA-2009-4880", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" - }, - { - "name" : "FEDORA-2009-4875", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" - }, - { - "name" : "MDVSA-2009:110", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" - }, - { - "name" : "34916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34916" - }, - { - "name" : "oval:org.mitre.oval:def:10107", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107" - }, - { - "name" : "35052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35052" - }, - { - "name" : "35073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35073" - }, - { - "name" : "35140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35140" - }, - { - "name" : "40220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40220" - }, - { - "name" : "ADV-2009-1296", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1296" - }, - { - "name" : "ADV-2010-1481", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1481" - }, - { - "name" : "squirrelmail-baseuri-session-hijacking(50462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2010-06-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html" + }, + { + "name": "MDVSA-2009:110", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110" + }, + { + "name": "34916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34916" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog" + }, + { + "name": "ADV-2010-1481", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1481" + }, + { + "name": "FEDORA-2009-4870", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html" + }, + { + "name": "35140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35140" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500358", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500358" + }, + { + "name": "FEDORA-2009-4880", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html" + }, + { + "name": "http://support.apple.com/kb/HT4188", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4188" + }, + { + "name": "40220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40220" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2009-05-11", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2009-05-11" + }, + { + "name": "ADV-2009-1296", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1296" + }, + { + "name": "35052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35052" + }, + { + "name": "FEDORA-2009-4875", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html" + }, + { + "name": "35073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35073" + }, + { + "name": "squirrelmail-baseuri-session-hijacking(50462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462" + }, + { + "name": "oval:org.mitre.oval:def:10107", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107" + }, + { + "name": "DSA-1802", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1802" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1812.json b/2009/1xxx/CVE-2009-1812.json index 728a6ef08fc..7bfd741f16d 100644 --- a/2009/1xxx/CVE-2009-1812.json +++ b/2009/1xxx/CVE-2009-1812.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8708", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8708" - }, - { - "name" : "http://www.collector.ch/drupal5/?q=node/39", - "refsource" : "CONFIRM", - "url" : "http://www.collector.ch/drupal5/?q=node/39" - }, - { - "name" : "34998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34998" - }, - { - "name" : "35110", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35110" - }, - { - "name" : "ADV-2009-1345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1345" + }, + { + "name": "8708", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8708" + }, + { + "name": "35110", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35110" + }, + { + "name": "http://www.collector.ch/drupal5/?q=node/39", + "refsource": "CONFIRM", + "url": "http://www.collector.ch/drupal5/?q=node/39" + }, + { + "name": "34998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34998" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4495.json b/2009/4xxx/CVE-2009-4495.json index 5ec25524b58..c1446fe101b 100644 --- a/2009/4xxx/CVE-2009-4495.json +++ b/2009/4xxx/CVE-2009-4495.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded" - }, - { - "name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", - "refsource" : "MISC", - "url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" - }, - { - "name" : "37716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37716" + }, + { + "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", + "refsource": "MISC", + "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" + }, + { + "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4645.json b/2009/4xxx/CVE-2009-4645.json index bb16782fccc..3f42d54cbda 100644 --- a/2009/4xxx/CVE-2009-4645.json +++ b/2009/4xxx/CVE-2009-4645.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.portcullis-security.com/340.php", - "refsource" : "MISC", - "url" : "http://www.portcullis-security.com/340.php" - }, - { - "name" : "38176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38176" - }, - { - "name" : "38538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38538" - }, - { - "name" : "fta-webclientuserguide-directory-traversal(56246)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fta-webclientuserguide-directory-traversal(56246)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56246" + }, + { + "name": "38176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38176" + }, + { + "name": "38538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38538" + }, + { + "name": "http://www.portcullis-security.com/340.php", + "refsource": "MISC", + "url": "http://www.portcullis-security.com/340.php" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4776.json b/2009/4xxx/CVE-2009-4776.json index bafd814130d..8adcdf8140f 100644 --- a/2009/4xxx/CVE-2009-4776.json +++ b/2009/4xxx/CVE-2009-4776.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html" - }, - { - "name" : "36309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36309" - }, - { - "name" : "57834", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/57834" - }, - { - "name" : "36622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36622" - }, - { - "name" : "ADV-2009-2574", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html" + }, + { + "name": "57834", + "refsource": "OSVDB", + "url": "http://osvdb.org/57834" + }, + { + "name": "36309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36309" + }, + { + "name": "36622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36622" + }, + { + "name": "ADV-2009-2574", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2574" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5007.json b/2009/5xxx/CVE-2009-5007.json index 033dfe42b88..b1b021c3ee0 100644 --- a/2009/5xxx/CVE-2009-5007.json +++ b/2009/5xxx/CVE-2009-5007.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.infradead.org/openconnect.html", - "refsource" : "MISC", - "url" : "http://www.infradead.org/openconnect.html" - }, - { - "name" : "42093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42093" + }, + { + "name": "http://www.infradead.org/openconnect.html", + "refsource": "MISC", + "url": "http://www.infradead.org/openconnect.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2158.json b/2012/2xxx/CVE-2012-2158.json index 2bc43aea93c..fc961c23e45 100644 --- a/2012/2xxx/CVE-2012-2158.json +++ b/2012/2xxx/CVE-2012-2158.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2158", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2158", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2376.json b/2012/2xxx/CVE-2012-2376.json index 59280f93bf5..0c33b0a727e 100644 --- a/2012/2xxx/CVE-2012-2376.json +++ b/2012/2xxx/CVE-2012-2376.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18861", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18861/" - }, - { - "name" : "[oss-security] 20120519 Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/05/20/2" - }, - { - "name" : "http://isc.sans.edu/diary.html?storyid=13255", - "refsource" : "MISC", - "url" : "http://isc.sans.edu/diary.html?storyid=13255" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=823464", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=823464" - }, - { - "name" : "1027089", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027089" - }, - { - "name" : "php-comprinttypeinfo-function-dos(75778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://isc.sans.edu/diary.html?storyid=13255", + "refsource": "MISC", + "url": "http://isc.sans.edu/diary.html?storyid=13255" + }, + { + "name": "php-comprinttypeinfo-function-dos(75778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75778" + }, + { + "name": "18861", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18861/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=823464", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=823464" + }, + { + "name": "[oss-security] 20120519 Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/05/20/2" + }, + { + "name": "1027089", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027089" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2385.json b/2012/2xxx/CVE-2012-2385.json index a0d417c6407..bd81261efe0 100644 --- a/2012/2xxx/CVE-2012-2385.json +++ b/2012/2xxx/CVE-2012-2385.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/22/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=823943", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=823943" - }, - { - "name" : "https://github.com/keithw/mosh/blob/master/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/keithw/mosh/blob/master/ChangeLog" - }, - { - "name" : "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e", - "refsource" : "CONFIRM", - "url" : "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e" - }, - { - "name" : "https://github.com/keithw/mosh/issues/271", - "refsource" : "CONFIRM", - "url" : "https://github.com/keithw/mosh/issues/271" - }, - { - "name" : "FEDORA-2012-9414", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082814.html" - }, - { - "name" : "FEDORA-2012-9422", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082766.html" - }, - { - "name" : "FEDORA-2012-9442", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082850.html" - }, - { - "name" : "53646", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53646" - }, - { - "name" : "49260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49260" - }, - { - "name" : "mosh-sequences-dos(75779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2012-9422", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082766.html" + }, + { + "name": "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e", + "refsource": "CONFIRM", + "url": "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e" + }, + { + "name": "FEDORA-2012-9414", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082814.html" + }, + { + "name": "FEDORA-2012-9442", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082850.html" + }, + { + "name": "53646", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53646" + }, + { + "name": "49260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49260" + }, + { + "name": "[oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/22/9" + }, + { + "name": "https://github.com/keithw/mosh/issues/271", + "refsource": "CONFIRM", + "url": "https://github.com/keithw/mosh/issues/271" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=823943", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=823943" + }, + { + "name": "mosh-sequences-dos(75779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75779" + }, + { + "name": "https://github.com/keithw/mosh/blob/master/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/keithw/mosh/blob/master/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2471.json b/2012/2xxx/CVE-2012-2471.json index ab559661fe5..b64b21d2955 100644 --- a/2012/2xxx/CVE-2012-2471.json +++ b/2012/2xxx/CVE-2012-2471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2471", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2471", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2505.json b/2012/2xxx/CVE-2012-2505.json index 5989259b027..e816e72bae4 100644 --- a/2012/2xxx/CVE-2012-2505.json +++ b/2012/2xxx/CVE-2012-2505.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2505", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2505", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3165.json b/2012/3xxx/CVE-2012-3165.json index adfee9821cb..80bfc110cd9 100644 --- a/2012/3xxx/CVE-2012-3165.json +++ b/2012/3xxx/CVE-2012-3165.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3215.json b/2012/3xxx/CVE-2012-3215.json index 8ee58140da2..815e827bbb0 100644 --- a/2012/3xxx/CVE-2012-3215.json +++ b/2012/3xxx/CVE-2012-3215.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "56012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56012" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3360.json b/2012/3xxx/CVE-2012-3360.json index 256752beee1..2359912041f 100644 --- a/2012/3xxx/CVE-2012-3360.json +++ b/2012/3xxx/CVE-2012-3360.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)", - "refsource" : "MLIST", - "url" : "https://lists.launchpad.net/openstack/msg14089.html" - }, - { - "name" : "https://bugs.launchpad.net/nova/+bug/1015531", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/nova/+bug/1015531" - }, - { - "name" : "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7" - }, - { - "name" : "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9" - }, - { - "name" : "FEDORA-2012-10420", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html" - }, - { - "name" : "USN-1497-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1497-1" - }, - { - "name" : "54277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54277" - }, - { - "name" : "49763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49763" - }, - { - "name" : "49802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54277" + }, + { + "name": "49763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49763" + }, + { + "name": "https://bugs.launchpad.net/nova/+bug/1015531", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/nova/+bug/1015531" + }, + { + "name": "49802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49802" + }, + { + "name": "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/openstack/msg14089.html" + }, + { + "name": "FEDORA-2012-10420", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html" + }, + { + "name": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7" + }, + { + "name": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9" + }, + { + "name": "USN-1497-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1497-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3851.json b/2012/3xxx/CVE-2012-3851.json index d9adf5a7c87..56efc8f316f 100644 --- a/2012/3xxx/CVE-2012-3851.json +++ b/2012/3xxx/CVE-2012-3851.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3851", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3851", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6239.json b/2012/6xxx/CVE-2012-6239.json index 5eba88a7caa..06d09d6bd35 100644 --- a/2012/6xxx/CVE-2012-6239.json +++ b/2012/6xxx/CVE-2012-6239.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6239", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6239", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6423.json b/2012/6xxx/CVE-2012-6423.json index 8f51e5e1ed8..921bf583a96 100644 --- a/2012/6xxx/CVE-2012-6423.json +++ b/2012/6xxx/CVE-2012-6423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6544.json b/2012/6xxx/CVE-2012-6544.json index c7e0320765b..5ba3a0c6697 100644 --- a/2012/6xxx/CVE-2012-6544.json +++ b/2012/6xxx/CVE-2012-6544.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee" - }, - { - "name" : "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988" - }, - { - "name" : "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" - }, - { - "name" : "RHSA-2013:1173", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1173.html" - }, - { - "name" : "USN-1805-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1805-1" - }, - { - "name" : "USN-1808-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1808-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1805-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1805-1" + }, + { + "name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/05/13" + }, + { + "name": "USN-1808-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1808-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed" + }, + { + "name": "RHSA-2013:1173", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed" + }, + { + "name": "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee" + }, + { + "name": "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5052.json b/2015/5xxx/CVE-2015-5052.json index 612ba242312..eddc8ca98fd 100644 --- a/2015/5xxx/CVE-2015-5052.json +++ b/2015/5xxx/CVE-2015-5052.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Sefrengo before 1.6.5 beta2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.sefrengo.org/index.php?showtopic=3399", - "refsource" : "CONFIRM", - "url" : "http://forum.sefrengo.org/index.php?showtopic=3399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Sefrengo before 1.6.5 beta2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.sefrengo.org/index.php?showtopic=3399", + "refsource": "CONFIRM", + "url": "http://forum.sefrengo.org/index.php?showtopic=3399" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5767.json b/2015/5xxx/CVE-2015-5767.json index d4d6d3ca54b..a04f42a5654 100644 --- a/2015/5xxx/CVE-2015-5767.json +++ b/2015/5xxx/CVE-2015-5767.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205265", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205265" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-30-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "https://support.apple.com/HT205265", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205265" + }, + { + "name": "APPLE-SA-2015-09-30-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2298.json b/2017/2xxx/CVE-2017-2298.json index f14fe40565a..68c1cd523d4 100644 --- a/2017/2xxx/CVE-2017-2298.json +++ b/2017/2xxx/CVE-2017-2298.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@puppet.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2017-2298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mcollective", - "version" : { - "version_data" : [ - { - "version_value" : "< 0.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Puppet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string \"_pub.pem\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "missing input sanitization" - } + "CVE_data_meta": { + "ASSIGNER": "security@puppet.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2017-2298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mcollective", + "version": { + "version_data": [ + { + "version_value": "< 0.5.1" + } + ] + } + } + ] + }, + "vendor_name": "Puppet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md" - }, - { - "name" : "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2", - "refsource" : "CONFIRM", - "url" : "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2" - }, - { - "name" : "https://puppet.com/security/cve/cve-2017-2298", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2017-2298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string \"_pub.pem\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "missing input sanitization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md" + }, + { + "name": "https://puppet.com/security/cve/cve-2017-2298", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2017-2298" + }, + { + "name": "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2", + "refsource": "CONFIRM", + "url": "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2932.json b/2017/2xxx/CVE-2017-2932.json index a06b09c14a1..5d3d4d49489 100644 --- a/2017/2xxx/CVE-2017-2932.json +++ b/2017/2xxx/CVE-2017-2932.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.186 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.186 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.186 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.186 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41609", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41609/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0057", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html" - }, - { - "name" : "95342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95342" - }, - { - "name" : "1037570", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "95342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95342" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" + }, + { + "name": "RHSA-2017:0057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html" + }, + { + "name": "41609", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41609/" + }, + { + "name": "1037570", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037570" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11093.json b/2018/11xxx/CVE-2018-11093.json index 643c141efba..1600c503937 100644 --- a/2018/11xxx/CVE-2018-11093.json +++ b/2018/11xxx/CVE-2018-11093.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/", - "refsource" : "CONFIRM", - "url" : "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/" - }, - { - "name" : "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22", - "refsource" : "CONFIRM", - "url" : "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22", + "refsource": "CONFIRM", + "url": "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22" + }, + { + "name": "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/", + "refsource": "CONFIRM", + "url": "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11336.json b/2018/11xxx/CVE-2018-11336.json index eaa3e8d2b89..d4670b252a1 100644 --- a/2018/11xxx/CVE-2018-11336.json +++ b/2018/11xxx/CVE-2018-11336.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11336", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11336", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11362.json b/2018/11xxx/CVE-2018-11362.json index 23817e3a927..b2d5316a0e1 100644 --- a/2018/11xxx/CVE-2018-11362.json +++ b/2018/11xxx/CVE-2018-11362.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\\0' character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-25.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-25.html" - }, - { - "name" : "DSA-4217", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4217" - }, - { - "name" : "104308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104308" - }, - { - "name" : "1041036", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\\0' character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104308" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615" + }, + { + "name": "DSA-4217", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4217" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-25.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-25.html" + }, + { + "name": "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58" + }, + { + "name": "1041036", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041036" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14054.json b/2018/14xxx/CVE-2018-14054.json index ca1636df592..182b958b034 100644 --- a/2018/14xxx/CVE-2018-14054.json +++ b/2018/14xxx/CVE-2018-14054.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2018/07/13/1", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2018/07/13/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openwall.com/lists/oss-security/2018/07/13/1", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2018/07/13/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14838.json b/2018/14xxx/CVE-2018-14838.json index 621f53f217b..74770616072 100644 --- a/2018/14xxx/CVE-2018-14838.json +++ b/2018/14xxx/CVE-2018-14838.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rejucms 2.1 has stored XSS via the admin/book.php content parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1", - "refsource" : "MISC", - "url" : "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rejucms 2.1 has stored XSS via the admin/book.php content parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1", + "refsource": "MISC", + "url": "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15421.json b/2018/15xxx/CVE-2018-15421.json index d9d57672484..7f0298018ec 100644 --- a/2018/15xxx/CVE-2018-15421.json +++ b/2018/15xxx/CVE-2018-15421.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-19T16:00:00-0500", - "ID" : "CVE-2018-15421", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx ARF Player ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." - } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-19T16:00:00-0500", + "ID": "CVE-2018-15421", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx ARF Player ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180919 Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex" - }, - { - "name" : "105374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105374" - }, - { - "name" : "1041689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041689" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180919-webex", - "defect" : [ - [ - "CSCvj63665", - "CSCvj63672", - "CSCvj63676", - "CSCvj63717", - "CSCvj63724", - "CSCvj63729", - "CSCvj67334", - "CSCvj67339", - "CSCvj67344" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041689" + }, + { + "name": "20180919 Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex" + }, + { + "name": "105374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105374" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180919-webex", + "defect": [ + [ + "CSCvj63665", + "CSCvj63672", + "CSCvj63676", + "CSCvj63717", + "CSCvj63724", + "CSCvj63729", + "CSCvj67334", + "CSCvj67339", + "CSCvj67344" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15524.json b/2018/15xxx/CVE-2018-15524.json index 08bd363812b..a0d7f71ff8d 100644 --- a/2018/15xxx/CVE-2018-15524.json +++ b/2018/15xxx/CVE-2018-15524.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15524", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15524", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15669.json b/2018/15xxx/CVE-2018-15669.json index b51dc73c072..9d7b8f94d70 100644 --- a/2018/15xxx/CVE-2018-15669.json +++ b/2018/15xxx/CVE-2018-15669.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://versprite.com/advisories/airmail-3-for-mac-3/", - "refsource" : "MISC", - "url" : "https://versprite.com/advisories/airmail-3-for-mac-3/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://versprite.com/advisories/airmail-3-for-mac-3/", + "refsource": "MISC", + "url": "https://versprite.com/advisories/airmail-3-for-mac-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15974.json b/2018/15xxx/CVE-2018-15974.json index 0aea0ab04d8..486d55c1653 100644 --- a/2018/15xxx/CVE-2018-15974.json +++ b/2018/15xxx/CVE-2018-15974.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Framemaker", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.5.1 and below versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Library Loading (DLL hijacking)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Framemaker", + "version": { + "version_data": [ + { + "version_value": "1.0.5.1 and below versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html" - }, - { - "name" : "105537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Library Loading (DLL hijacking)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html" + }, + { + "name": "105537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105537" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8067.json b/2018/8xxx/CVE-2018-8067.json index cb3fbecaa4b..49d7571a4c2 100644 --- a/2018/8xxx/CVE-2018-8067.json +++ b/2018/8xxx/CVE-2018-8067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8337.json b/2018/8xxx/CVE-2018-8337.json index 4f3f6e38f33..2f2832fd649 100644 --- a/2018/8xxx/CVE-2018-8337.json +++ b/2018/8xxx/CVE-2018-8337.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka \"Windows Subsystem for Linux Security Feature Bypass Vulnerability.\" This affects Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337" - }, - { - "name" : "105250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka \"Windows Subsystem for Linux Security Feature Bypass Vulnerability.\" This affects Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105250" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8512.json b/2018/8xxx/CVE-2018-8512.json index 40324d99491..33a83a4b52a 100644 --- a/2018/8xxx/CVE-2018-8512.json +++ b/2018/8xxx/CVE-2018-8512.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512" - }, - { - "name" : "105486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105486" - }, - { - "name" : "1041825", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512" + }, + { + "name": "105486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105486" + }, + { + "name": "1041825", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041825" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8629.json b/2018/8xxx/CVE-2018-8629.json index 6d55e48cfbe..8f5bb0252af 100644 --- a/2018/8xxx/CVE-2018-8629.json +++ b/2018/8xxx/CVE-2018-8629.json @@ -1,125 +1,125 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - }, - { - "version_value" : "Windows Server 2019" - } - ] - } - }, - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows Server 2019" + } + ] + } + }, + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629" - }, - { - "name" : "106115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629" + }, + { + "name": "106115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106115" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8759.json b/2018/8xxx/CVE-2018-8759.json index 00860762a49..e2292c2bb01 100644 --- a/2018/8xxx/CVE-2018-8759.json +++ b/2018/8xxx/CVE-2018-8759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8759", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8759", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file