From ce4c733b5bde19f55586a919757e2749fba8e1fb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:03:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0769.json | 170 +++++++++--------- 2002/2xxx/CVE-2002-2016.json | 140 +++++++-------- 2002/2xxx/CVE-2002-2212.json | 150 ++++++++-------- 2002/2xxx/CVE-2002-2255.json | 140 +++++++-------- 2005/0xxx/CVE-2005-0347.json | 150 ++++++++-------- 2005/0xxx/CVE-2005-0361.json | 34 ++-- 2005/0xxx/CVE-2005-0464.json | 160 ++++++++--------- 2005/0xxx/CVE-2005-0492.json | 160 ++++++++--------- 2005/0xxx/CVE-2005-0997.json | 120 ++++++------- 2005/1xxx/CVE-2005-1392.json | 150 ++++++++-------- 2005/1xxx/CVE-2005-1751.json | 230 ++++++++++++------------ 2005/4xxx/CVE-2005-4313.json | 170 +++++++++--------- 2005/4xxx/CVE-2005-4417.json | 120 ++++++------- 2009/0xxx/CVE-2009-0386.json | 290 +++++++++++++++--------------- 2009/0xxx/CVE-2009-0527.json | 150 ++++++++-------- 2009/0xxx/CVE-2009-0718.json | 160 ++++++++--------- 2009/0xxx/CVE-2009-0843.json | 220 +++++++++++------------ 2009/1xxx/CVE-2009-1354.json | 150 ++++++++-------- 2009/1xxx/CVE-2009-1962.json | 160 ++++++++--------- 2009/4xxx/CVE-2009-4574.json | 160 ++++++++--------- 2009/5xxx/CVE-2009-5025.json | 34 ++-- 2012/2xxx/CVE-2012-2664.json | 160 ++++++++--------- 2012/2xxx/CVE-2012-2720.json | 180 +++++++++---------- 2012/3xxx/CVE-2012-3237.json | 34 ++-- 2012/3xxx/CVE-2012-3274.json | 140 +++++++-------- 2012/3xxx/CVE-2012-3894.json | 34 ++-- 2012/3xxx/CVE-2012-3979.json | 160 ++++++++--------- 2012/3xxx/CVE-2012-3982.json | 320 ++++++++++++++++----------------- 2012/6xxx/CVE-2012-6090.json | 150 ++++++++-------- 2012/6xxx/CVE-2012-6181.json | 34 ++-- 2012/6xxx/CVE-2012-6523.json | 180 +++++++++---------- 2012/6xxx/CVE-2012-6575.json | 150 ++++++++-------- 2012/6xxx/CVE-2012-6649.json | 34 ++-- 2015/5xxx/CVE-2015-5169.json | 170 +++++++++--------- 2015/5xxx/CVE-2015-5457.json | 170 +++++++++--------- 2015/5xxx/CVE-2015-5468.json | 150 ++++++++-------- 2015/5xxx/CVE-2015-5834.json | 170 +++++++++--------- 2017/2xxx/CVE-2017-2060.json | 34 ++-- 2017/2xxx/CVE-2017-2186.json | 140 +++++++-------- 2017/2xxx/CVE-2017-2912.json | 122 ++++++------- 2018/11xxx/CVE-2018-11043.json | 34 ++-- 2018/11xxx/CVE-2018-11099.json | 120 ++++++------- 2018/11xxx/CVE-2018-11573.json | 34 ++-- 2018/11xxx/CVE-2018-11597.json | 130 +++++++------- 2018/11xxx/CVE-2018-11672.json | 34 ++-- 2018/11xxx/CVE-2018-11706.json | 120 ++++++------- 2018/11xxx/CVE-2018-11895.json | 130 +++++++------- 2018/14xxx/CVE-2018-14086.json | 120 ++++++------- 2018/14xxx/CVE-2018-14310.json | 130 +++++++------- 2018/15xxx/CVE-2018-15164.json | 34 ++-- 2018/15xxx/CVE-2018-15486.json | 130 +++++++------- 2018/15xxx/CVE-2018-15521.json | 34 ++-- 2018/15xxx/CVE-2018-15772.json | 174 +++++++++--------- 2018/3xxx/CVE-2018-3470.json | 34 ++-- 2018/3xxx/CVE-2018-3980.json | 122 ++++++------- 2018/8xxx/CVE-2018-8223.json | 34 ++-- 2018/8xxx/CVE-2018-8351.json | 300 +++++++++++++++---------------- 57 files changed, 3732 insertions(+), 3732 deletions(-) diff --git a/2002/0xxx/CVE-2002-0769.json b/2002/0xxx/CVE-2002-0769.json index 32331dc3d87..330b3c6f93c 100644 --- a/2002/0xxx/CVE-2002-0769.json +++ b/2002/0xxx/CVE-2002-0769.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020509 Cisco ATA-186 admin password can be trivially circumvented", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html" - }, - { - "name" : "20020523 ATA-186 Password Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml" - }, - { - "name" : "cisco-ata-bypass-auth(9057)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9057.php" - }, - { - "name" : "cisco-ata-reveal-info(9056)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9056.php" - }, - { - "name" : "4711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4711" - }, - { - "name" : "4712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4711" + }, + { + "name": "cisco-ata-reveal-info(9056)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9056.php" + }, + { + "name": "20020523 ATA-186 Password Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml" + }, + { + "name": "cisco-ata-bypass-auth(9057)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9057.php" + }, + { + "name": "4712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4712" + }, + { + "name": "20020509 Cisco ATA-186 admin password can be trivially circumvented", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0083.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2016.json b/2002/2xxx/CVE-2002-2016.json index 5d0ae8ed0b2..b1ab8cd4c84 100644 --- a/2002/2xxx/CVE-2002-2016.json +++ b/2002/2xxx/CVE-2002-2016.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020128 user-mode-linux problems", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0338.html" - }, - { - "name" : "3973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3973" - }, - { - "name" : "uml-kernel-memory-access(8005)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8005.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3973" + }, + { + "name": "uml-kernel-memory-access(8005)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8005.php" + }, + { + "name": "20020128 user-mode-linux problems", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0338.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2212.json b/2002/2xxx/CVE-2002-2212.json index 7a1b158bb2a..3b3f625f6d9 100644 --- a/2002/2xxx/CVE-2002-2212.json +++ b/2002/2xxx/CVE-2002-2212.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html", - "refsource" : "MISC", - "url" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html" - }, - { - "name" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf", - "refsource" : "MISC", - "url" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/IAFY-5FDT5K", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/IAFY-5FDT5K" - }, - { - "name" : "VU#457875", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/457875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf", + "refsource": "MISC", + "url": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf" + }, + { + "name": "VU#457875", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/457875" + }, + { + "name": "http://www.kb.cert.org/vuls/id/IAFY-5FDT5K", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/IAFY-5FDT5K" + }, + { + "name": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html", + "refsource": "MISC", + "url": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2255.json b/2002/2xxx/CVE-2002-2255.json index 69bf29311df..028cc4cc23c 100644 --- a/2002/2xxx/CVE-2002-2255.json +++ b/2002/2xxx/CVE-2002-2255.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021203 Cross-site Scripting Vulnerability in phpBB 2.0.3", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0053.html" - }, - { - "name" : "6311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6311" - }, - { - "name" : "phpbb-search-username-xss(10773)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6311" + }, + { + "name": "phpbb-search-username-xss(10773)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10773" + }, + { + "name": "20021203 Cross-site Scripting Vulnerability in phpBB 2.0.3", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0053.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0347.json b/2005/0xxx/CVE-2005-0347.json index 1e0ad77918c..a1b40f4e90a 100644 --- a/2005/0xxx/CVE-2005-0347.json +++ b/2005/0xxx/CVE-2005-0347.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050208 Integer overflow and arbitrary files deletion in RealArcade", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110792779115794&w=2" - }, - { - "name" : "1013128", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013128" - }, - { - "name" : "14187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14187/" - }, - { - "name" : "realarcade-rgs-bo(19259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14187/" + }, + { + "name": "1013128", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013128" + }, + { + "name": "realarcade-rgs-bo(19259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19259" + }, + { + "name": "20050208 Integer overflow and arbitrary files deletion in RealArcade", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110792779115794&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0361.json b/2005/0xxx/CVE-2005-0361.json index 1435d82af19..da833ea5712 100644 --- a/2005/0xxx/CVE-2005-0361.json +++ b/2005/0xxx/CVE-2005-0361.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0361", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0361", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0464.json b/2005/0xxx/CVE-2005-0464.json index 680f3a06d02..df8b7dd8cf8 100644 --- a/2005/0xxx/CVE-2005-0464.json +++ b/2005/0xxx/CVE-2005-0464.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050407 SGI IRIX gr_osview Information Disclosure Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=226&type=vulnerabilities" - }, - { - "name" : "20050402-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20050402-01-P" - }, - { - "name" : "15351", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15351" - }, - { - "name" : "1013662", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013662" - }, - { - "name" : "14875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15351", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15351" + }, + { + "name": "1013662", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013662" + }, + { + "name": "20050402-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20050402-01-P" + }, + { + "name": "20050407 SGI IRIX gr_osview Information Disclosure Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=226&type=vulnerabilities" + }, + { + "name": "14875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14875" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0492.json b/2005/0xxx/CVE-2005-0492.json index 7fd7dce1641..2fe2db5ada6 100644 --- a/2005/0xxx/CVE-2005-0492.json +++ b/2005/0xxx/CVE-2005-0492.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050218 Adobe Reader invalid root page node Count value DOS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110879063511486&w=2" - }, - { - "name" : "http://www.adobe.com/support/techdocs/331468.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/331468.html" - }, - { - "name" : "ADV-2005-0310", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0310" - }, - { - "name" : "14813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14813" - }, - { - "name" : "adobe-root-page-node-dos(19946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14813" + }, + { + "name": "http://www.adobe.com/support/techdocs/331468.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/331468.html" + }, + { + "name": "20050218 Adobe Reader invalid root page node Count value DOS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110879063511486&w=2" + }, + { + "name": "ADV-2005-0310", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0310" + }, + { + "name": "adobe-root-page-node-dos(19946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19946" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0997.json b/2005/0xxx/CVE-2005-0997.json index 1d8316f33cf..e30a0e9e951 100644 --- a/2005/0xxx/CVE-2005-0997.json +++ b/2005/0xxx/CVE-2005-0997.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050403 [SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111289685724764&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050403 [SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111289685724764&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1392.json b/2005/1xxx/CVE-2005-1392.json index fac444f632d..1eea9438552 100644 --- a/2005/1xxx/CVE-2005-1392.json +++ b/2005/1xxx/CVE-2005-1392.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200504-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200504-30.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=88831", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=88831" - }, - { - "name" : "ADV-2005-0436", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0436" - }, - { - "name" : "16053", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16053", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16053" + }, + { + "name": "ADV-2005-0436", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0436" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=88831", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=88831" + }, + { + "name": "GLSA-200504-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200504-30.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1751.json b/2005/1xxx/CVE-2005-1751.json index deace830edf..c9d662159f0 100644 --- a/2005/1xxx/CVE-2005-1751.json +++ b/2005/1xxx/CVE-2005-1751.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zataz.net/adviso/shtool-05252005.txt", - "refsource" : "MISC", - "url" : "http://www.zataz.net/adviso/shtool-05252005.txt" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=93782", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=93782" - }, - { - "name" : "DSA-789", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-789" - }, - { - "name" : "GLSA-200506-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200506-08.xml" - }, - { - "name" : "RHSA-2005:564", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-564.html" - }, - { - "name" : "13767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13767" - }, - { - "name" : "oval:org.mitre.oval:def:345", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A345" - }, - { - "name" : "oval:org.mitre.oval:def:9639", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9639" - }, - { - "name" : "1014059", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014059" - }, - { - "name" : "15496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15496" - }, - { - "name" : "OpenPKG-SA-2005.011", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=111955937622637&w=2" - }, - { - "name" : "15668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-789", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-789" + }, + { + "name": "oval:org.mitre.oval:def:9639", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9639" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=93782", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=93782" + }, + { + "name": "15668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15668" + }, + { + "name": "15496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15496" + }, + { + "name": "1014059", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014059" + }, + { + "name": "13767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13767" + }, + { + "name": "oval:org.mitre.oval:def:345", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A345" + }, + { + "name": "http://www.zataz.net/adviso/shtool-05252005.txt", + "refsource": "MISC", + "url": "http://www.zataz.net/adviso/shtool-05252005.txt" + }, + { + "name": "RHSA-2005:564", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-564.html" + }, + { + "name": "GLSA-200506-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200506-08.xml" + }, + { + "name": "OpenPKG-SA-2005.011", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=111955937622637&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4313.json b/2005/4xxx/CVE-2005-4313.json index cdeafc782bd..31eeb1ad3f3 100644 --- a/2005/4xxx/CVE-2005-4313.json +++ b/2005/4xxx/CVE-2005-4313.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html" - }, - { - "name" : "15899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15899" - }, - { - "name" : "ADV-2005-2943", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2943" - }, - { - "name" : "21783", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21783" - }, - { - "name" : "18094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18094" - }, - { - "name" : "personals-index-sql-injection(50393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/12/almondsoft-products-sql-inj.html" + }, + { + "name": "15899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15899" + }, + { + "name": "personals-index-sql-injection(50393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50393" + }, + { + "name": "21783", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21783" + }, + { + "name": "ADV-2005-2943", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2943" + }, + { + "name": "18094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18094" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4417.json b/2005/4xxx/CVE-2005-4417.json index 94504f2990f..e3d284db679 100644 --- a/2005/4xxx/CVE-2005-4417.json +++ b/2005/4xxx/CVE-2005-4417.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051216 DMA[2005-1214a] - 'Widcomm BTW - Bluetooth for Windows Remote Audio Eavesdropping'", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419642/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051216 DMA[2005-1214a] - 'Widcomm BTW - Bluetooth for Windows Remote Audio Eavesdropping'", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419642/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0386.json b/2009/0xxx/CVE-2009-0386.json index ac4765bdc9d..ac79700027e 100644 --- a/2009/0xxx/CVE-2009-0386.json +++ b/2009/0xxx/CVE-2009-0386.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500317/100/0/threaded" - }, - { - "name" : "[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/01/29/3" - }, - { - "name" : "http://trapkit.de/advisories/TKADV2009-003.txt", - "refsource" : "MISC", - "url" : "http://trapkit.de/advisories/TKADV2009-003.txt" - }, - { - "name" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53" - }, - { - "name" : "http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html", - "refsource" : "CONFIRM", - "url" : "http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481267", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481267" - }, - { - "name" : "GLSA-200907-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-11.xml" - }, - { - "name" : "MDVSA-2009:035", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:035" - }, - { - "name" : "RHSA-2009:0271", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0271.html" - }, - { - "name" : "SUSE-SR:2009:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" - }, - { - "name" : "USN-736-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-736-1" - }, - { - "name" : "33405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33405" - }, - { - "name" : "oval:org.mitre.oval:def:10306", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10306" - }, - { - "name" : "33815", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33815" - }, - { - "name" : "34336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34336" - }, - { - "name" : "35777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35777" - }, - { - "name" : "ADV-2009-0225", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0225" - }, - { - "name" : "33650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime media .mov file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33405" + }, + { + "name": "oval:org.mitre.oval:def:10306", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10306" + }, + { + "name": "20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500317/100/0/threaded" + }, + { + "name": "34336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34336" + }, + { + "name": "33815", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33815" + }, + { + "name": "35777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35777" + }, + { + "name": "http://trapkit.de/advisories/TKADV2009-003.txt", + "refsource": "MISC", + "url": "http://trapkit.de/advisories/TKADV2009-003.txt" + }, + { + "name": "RHSA-2009:0271", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0271.html" + }, + { + "name": "GLSA-200907-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-11.xml" + }, + { + "name": "33650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33650" + }, + { + "name": "ADV-2009-0225", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0225" + }, + { + "name": "SUSE-SR:2009:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481267", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=481267" + }, + { + "name": "USN-736-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-736-1" + }, + { + "name": "http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html", + "refsource": "CONFIRM", + "url": "http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html" + }, + { + "name": "[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/01/29/3" + }, + { + "name": "http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53" + }, + { + "name": "MDVSA-2009:035", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:035" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0527.json b/2009/0xxx/CVE-2009-0527.json index 7f9991febd5..b2c1c5fdcf9 100644 --- a/2009/0xxx/CVE-2009-0527.json +++ b/2009/0xxx/CVE-2009-0527.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8016", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8016" - }, - { - "name" : "33698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33698" - }, - { - "name" : "33866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33866" - }, - { - "name" : "adaptcms-sitepath-file-include(48610)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33866" + }, + { + "name": "8016", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8016" + }, + { + "name": "adaptcms-sitepath-file-include(48610)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48610" + }, + { + "name": "33698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33698" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0718.json b/2009/0xxx/CVE-2009-0718.json index 27a46a5ce49..25002fe121e 100644 --- a/2009/0xxx/CVE-2009-0718.json +++ b/2009/0xxx/CVE-2009-0718.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02422", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124025929213175&w=2" - }, - { - "name" : "SSRT080146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124025929213175&w=2" - }, - { - "name" : "1022087", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022087" - }, - { - "name" : "34808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34808" - }, - { - "name" : "ADV-2009-1108", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02422", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124025929213175&w=2" + }, + { + "name": "1022087", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022087" + }, + { + "name": "SSRT080146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124025929213175&w=2" + }, + { + "name": "34808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34808" + }, + { + "name": "ADV-2009-1108", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1108" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0843.json b/2009/0xxx/CVE-2009-0843.json index 9a72cdcc038..c7d52ac75ce 100644 --- a/2009/0xxx/CVE-2009-0843.json +++ b/2009/0xxx/CVE-2009-0843.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502271/100/0/threaded" - }, - { - "name" : "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", - "refsource" : "MLIST", - "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" - }, - { - "name" : "http://www.positronsecurity.com/advisories/2009-000.html", - "refsource" : "MISC", - "url" : "http://www.positronsecurity.com/advisories/2009-000.html" - }, - { - "name" : "http://trac.osgeo.org/mapserver/ticket/2939", - "refsource" : "CONFIRM", - "url" : "http://trac.osgeo.org/mapserver/ticket/2939" - }, - { - "name" : "DSA-1914", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1914" - }, - { - "name" : "FEDORA-2009-3357", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" - }, - { - "name" : "FEDORA-2009-3383", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" - }, - { - "name" : "34306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34306" - }, - { - "name" : "1021952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021952" - }, - { - "name" : "34520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34520" - }, - { - "name" : "34603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.positronsecurity.com/advisories/2009-000.html", + "refsource": "MISC", + "url": "http://www.positronsecurity.com/advisories/2009-000.html" + }, + { + "name": "http://trac.osgeo.org/mapserver/ticket/2939", + "refsource": "CONFIRM", + "url": "http://trac.osgeo.org/mapserver/ticket/2939" + }, + { + "name": "1021952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021952" + }, + { + "name": "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502271/100/0/threaded" + }, + { + "name": "34603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34603" + }, + { + "name": "FEDORA-2009-3383", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" + }, + { + "name": "34306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34306" + }, + { + "name": "34520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34520" + }, + { + "name": "DSA-1914", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1914" + }, + { + "name": "FEDORA-2009-3357", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" + }, + { + "name": "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", + "refsource": "MLIST", + "url": "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1354.json b/2009/1xxx/CVE-2009-1354.json index b941ee4c215..d3c5f6a9d39 100644 --- a/2009/1xxx/CVE-2009-1354.json +++ b/2009/1xxx/CVE-2009-1354.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090413 MonGoose 2.4 Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502648/100/0/threaded" - }, - { - "name" : "8428", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8428" - }, - { - "name" : "34510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34510" - }, - { - "name" : "mongoose-directory-traversal(49878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8428", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8428" + }, + { + "name": "mongoose-directory-traversal(49878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49878" + }, + { + "name": "20090413 MonGoose 2.4 Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502648/100/0/threaded" + }, + { + "name": "34510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34510" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1962.json b/2009/1xxx/CVE-2009-1962.json index 60fdd77cbf9..70504ba96cb 100644 --- a/2009/1xxx/CVE-2009-1962.json +++ b/2009/1xxx/CVE-2009-1962.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090401 CVE id rquest: xfig insecure tmp files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/04/01/6" - }, - { - "name" : "MDVSA-2009:244", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:244" - }, - { - "name" : "34328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34328" - }, - { - "name" : "35320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35320" - }, - { - "name" : "xfig-temp-symlink(49600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xfig-temp-symlink(49600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49600" + }, + { + "name": "MDVSA-2009:244", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:244" + }, + { + "name": "[oss-security] 20090401 CVE id rquest: xfig insecure tmp files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/04/01/6" + }, + { + "name": "35320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35320" + }, + { + "name": "34328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34328" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4574.json b/2009/4xxx/CVE-2009-4574.json index 2a088062f88..4b520c8422d 100644 --- a/2009/4xxx/CVE-2009-4574.json +++ b/2009/4xxx/CVE-2009-4574.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0912-exploits/iescorts-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0912-exploits/iescorts-sql.txt" - }, - { - "name" : "10809", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10809" - }, - { - "name" : "61397", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/61397" - }, - { - "name" : "37957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37957" - }, - { - "name" : "iescortsdirectory-countryid-sql-injection(55208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61397", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/61397" + }, + { + "name": "iescortsdirectory-countryid-sql-injection(55208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55208" + }, + { + "name": "10809", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10809" + }, + { + "name": "37957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37957" + }, + { + "name": "http://packetstormsecurity.org/0912-exploits/iescorts-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0912-exploits/iescorts-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5025.json b/2009/5xxx/CVE-2009-5025.json index c886920b8d2..879df95e7c0 100644 --- a/2009/5xxx/CVE-2009-5025.json +++ b/2009/5xxx/CVE-2009-5025.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5025", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5025", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2664.json b/2012/2xxx/CVE-2012-2664.json index 9575416e2f4..2d9ae3158aa 100644 --- a/2012/2xxx/CVE-2012-2664.json +++ b/2012/2xxx/CVE-2012-2664.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "RHSA-2012:0958", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0958.html" - }, - { - "name" : "RHSA-2013:1121", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1121.html" - }, - { - "name" : "54116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54116" - }, - { - "name" : "sos-anaconda-info-disclosure(76468)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "RHSA-2012:0958", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0958.html" + }, + { + "name": "RHSA-2013:1121", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1121.html" + }, + { + "name": "sos-anaconda-info-disclosure(76468)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76468" + }, + { + "name": "54116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54116" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2720.json b/2012/2xxx/CVE-2012-2720.json index d1a24012aae..7ac26c2770b 100644 --- a/2012/2xxx/CVE-2012-2720.json +++ b/2012/2xxx/CVE-2012-2720.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1619808", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1619808" - }, - { - "name" : "http://drupal.org/node/1618476", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1618476" - }, - { - "name" : "53840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53840" - }, - { - "name" : "82727", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82727" - }, - { - "name" : "49400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49400" - }, - { - "name" : "tokenauth-usersession-security-bypass(76141)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49400" + }, + { + "name": "http://drupal.org/node/1618476", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1618476" + }, + { + "name": "82727", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82727" + }, + { + "name": "53840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53840" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "tokenauth-usersession-security-bypass(76141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76141" + }, + { + "name": "http://drupal.org/node/1619808", + "refsource": "MISC", + "url": "http://drupal.org/node/1619808" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3237.json b/2012/3xxx/CVE-2012-3237.json index 41f95a10f7c..7a205db633c 100644 --- a/2012/3xxx/CVE-2012-3237.json +++ b/2012/3xxx/CVE-2012-3237.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3237", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3237", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3274.json b/2012/3xxx/CVE-2012-3274.json index 99e9cc4aeb7..662aa79af8b 100644 --- a/2012/3xxx/CVE-2012-3274.json +++ b/2012/3xxx/CVE-2012-3274.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-12-171/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-12-171/" - }, - { - "name" : "HPSB3C02831", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03589863" - }, - { - "name" : "SSRT100661", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03589863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSB3C02831", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03589863" + }, + { + "name": "SSRT100661", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03589863" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-12-171/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-12-171/" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3894.json b/2012/3xxx/CVE-2012-3894.json index 66bb25f1f7d..78f9c10125d 100644 --- a/2012/3xxx/CVE-2012-3894.json +++ b/2012/3xxx/CVE-2012-3894.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3894", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3894", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3979.json b/2012/3xxx/CVE-2012-3979.json index 94d8a678ba0..075371bbf88 100644 --- a/2012/3xxx/CVE-2012-3979.json +++ b/2012/3xxx/CVE-2012-3979.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-71.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-71.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=769265", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=769265" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "55344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-71.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-71.html" + }, + { + "name": "55344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55344" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=769265", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=769265" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3982.json b/2012/3xxx/CVE-2012-3982.json index bc1ab356e52..527c624abad 100644 --- a/2012/3xxx/CVE-2012-3982.json +++ b/2012/3xxx/CVE-2012-3982.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=783502", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=783502" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790856", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790856" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794025", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794025" - }, - { - "name" : "DSA-2569", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2569" - }, - { - "name" : "DSA-2565", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2565" - }, - { - "name" : "DSA-2572", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2572" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : "RHSA-2012:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "55924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55924" - }, - { - "name" : "oval:org.mitre.oval:def:16612", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16612" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "51181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51181" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=794025", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794025" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "DSA-2565", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2565" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "oval:org.mitre.oval:def:16612", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16612" + }, + { + "name": "55924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55924" + }, + { + "name": "DSA-2572", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2572" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-74.html" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "51181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51181" + }, + { + "name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=790856", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=790856" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + }, + { + "name": "DSA-2569", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2569" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=783502", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=783502" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6090.json b/2012/6xxx/CVE-2012-6090.json index 3066fea719b..09056a6af73 100644 --- a/2012/6xxx/CVE-2012-6090.json +++ b/2012/6xxx/CVE-2012-6090.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/01/03/7" - }, - { - "name" : "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5", - "refsource" : "MLIST", - "url" : "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html" - }, - { - "name" : "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e", - "refsource" : "CONFIRM", - "url" : "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=891577", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=891577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e", + "refsource": "CONFIRM", + "url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e" + }, + { + "name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/01/03/7" + }, + { + "name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5", + "refsource": "MLIST", + "url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6181.json b/2012/6xxx/CVE-2012-6181.json index c48d89ce777..863a8c9777b 100644 --- a/2012/6xxx/CVE-2012-6181.json +++ b/2012/6xxx/CVE-2012-6181.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6181", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6181", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6523.json b/2012/6xxx/CVE-2012-6523.json index 80a972f3c19..c7c7e0f3951 100644 --- a/2012/6xxx/CVE-2012-6523.json +++ b/2012/6xxx/CVE-2012-6523.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18348", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18348" - }, - { - "name" : "51359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51359" - }, - { - "name" : "78267", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78267" - }, - { - "name" : "78268", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78268" - }, - { - "name" : "47527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47527" - }, - { - "name" : "wcms-comment-xss(72301)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72301" - }, - { - "name" : "wcms-index-xss(72300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78268", + "refsource": "OSVDB", + "url": "http://osvdb.org/78268" + }, + { + "name": "wcms-index-xss(72300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72300" + }, + { + "name": "47527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47527" + }, + { + "name": "18348", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18348" + }, + { + "name": "78267", + "refsource": "OSVDB", + "url": "http://osvdb.org/78267" + }, + { + "name": "wcms-comment-xss(72301)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72301" + }, + { + "name": "51359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51359" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6575.json b/2012/6xxx/CVE-2012-6575.json index 0680bb999af..0e815d48bc9 100644 --- a/2012/6xxx/CVE-2012-6575.json +++ b/2012/6xxx/CVE-2012-6575.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/1775582", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1775582" - }, - { - "name" : "https://drupal.org/node/1774636", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1774636" - }, - { - "name" : "85190", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85190" - }, - { - "name" : "exposed-filter-drupal-xss(78316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "85190", + "refsource": "OSVDB", + "url": "http://osvdb.org/85190" + }, + { + "name": "https://drupal.org/node/1775582", + "refsource": "MISC", + "url": "https://drupal.org/node/1775582" + }, + { + "name": "exposed-filter-drupal-xss(78316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78316" + }, + { + "name": "https://drupal.org/node/1774636", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1774636" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6649.json b/2012/6xxx/CVE-2012-6649.json index d74c4beb9c1..4adb5e202a5 100644 --- a/2012/6xxx/CVE-2012-6649.json +++ b/2012/6xxx/CVE-2012-6649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5169.json b/2015/5xxx/CVE-2015-5169.json index ecba314a48b..2228ed61dfa 100644 --- a/2015/5xxx/CVE-2015-5169.json +++ b/2015/5xxx/CVE-2015-5169.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1260087", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1260087" - }, - { - "name" : "https://struts.apache.org/docs/s2-025.html", - "refsource" : "CONFIRM", - "url" : "https://struts.apache.org/docs/s2-025.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180629-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180629-0003/" - }, - { - "name" : "JVN#95989300", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN95989300/index.html" - }, - { - "name" : "JVNDB-2015-000125", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html" - }, - { - "name" : "76625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20180629-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" + }, + { + "name": "76625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76625" + }, + { + "name": "https://struts.apache.org/docs/s2-025.html", + "refsource": "CONFIRM", + "url": "https://struts.apache.org/docs/s2-025.html" + }, + { + "name": "JVNDB-2015-000125", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087" + }, + { + "name": "JVN#95989300", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN95989300/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5457.json b/2015/5xxx/CVE-2015-5457.json index 147bb271350..b4c4ceec429 100644 --- a/2015/5xxx/CVE-2015-5457.json +++ b/2015/5xxx/CVE-2015-5457.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535860/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html" - }, - { - "name" : "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/", - "refsource" : "MISC", - "url" : "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/" - }, - { - "name" : "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released", - "refsource" : "CONFIRM", - "url" : "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released" - }, - { - "name" : "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451" - }, - { - "name" : "75577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/", + "refsource": "MISC", + "url": "http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/" + }, + { + "name": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html" + }, + { + "name": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released", + "refsource": "CONFIRM", + "url": "http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released" + }, + { + "name": "75577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75577" + }, + { + "name": "20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535860/100/0/threaded" + }, + { + "name": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/pivot-weblog/code/4452/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4451" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5468.json b/2015/5xxx/CVE-2015-5468.json index b1af5fa7887..e3d838d382b 100644 --- a/2015/5xxx/CVE-2015-5468.json +++ b/2015/5xxx/CVE-2015-5468.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150706 Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/06/19" - }, - { - "name" : "[oss-security] 20150710 Re: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/07/10/4" - }, - { - "name" : "http://www.vapid.dhs.org/advisory.php?v=136", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisory.php?v=136" - }, - { - "name" : "https://wordpress.org/plugins/wp-ecommerce-shop-styling/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wp-ecommerce-shop-styling/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wp-ecommerce-shop-styling/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-ecommerce-shop-styling/#developers" + }, + { + "name": "http://www.vapid.dhs.org/advisory.php?v=136", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisory.php?v=136" + }, + { + "name": "[oss-security] 20150710 Re: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/10/4" + }, + { + "name": "[oss-security] 20150706 Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/07/06/19" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5834.json b/2015/5xxx/CVE-2015-5834.json index a2773ea7208..e61223ea460 100644 --- a/2015/5xxx/CVE-2015-5834.json +++ b/2015/5xxx/CVE-2015-5834.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2060.json b/2017/2xxx/CVE-2017-2060.json index b576b4fb52c..d63ed9ce7b4 100644 --- a/2017/2xxx/CVE-2017-2060.json +++ b/2017/2xxx/CVE-2017-2060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2060", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2060", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2186.json b/2017/2xxx/CVE-2017-2186.json index 524af6d5fa2..02084666cae 100644 --- a/2017/2xxx/CVE-2017-2186.json +++ b/2017/2xxx/CVE-2017-2186.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HOME SPOT CUBE2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware V101 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "KDDI CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HOME SPOT CUBE2", + "version": { + "version_data": [ + { + "version_value": "firmware V101 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "KDDI CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.au.com/information/notice_mobile/update/update-20170612-01/", - "refsource" : "CONFIRM", - "url" : "https://www.au.com/information/notice_mobile/update/update-20170612-01/" - }, - { - "name" : "JVN#24348065", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN24348065/index.html" - }, - { - "name" : "99282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/", + "refsource": "CONFIRM", + "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/" + }, + { + "name": "99282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99282" + }, + { + "name": "JVN#24348065", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN24348065/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2912.json b/2017/2xxx/CVE-2017-2912.json index 7fb96eb3260..998cea5425c 100644 --- a/2017/2xxx/CVE-2017-2912.json +++ b/2017/2xxx/CVE-2017-2912.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Circle", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Circle Media" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Circle", + "version": { + "version_data": [ + { + "version_value": "firmware 2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Circle Media" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11043.json b/2018/11xxx/CVE-2018-11043.json index 0895f8c9421..d9d21960a9a 100644 --- a/2018/11xxx/CVE-2018-11043.json +++ b/2018/11xxx/CVE-2018-11043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11043", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-11043", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11099.json b/2018/11xxx/CVE-2018-11099.json index 9d31761718c..1c5165bf13e 100644 --- a/2018/11xxx/CVE-2018-11099.json +++ b/2018/11xxx/CVE-2018-11099.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180516 vcftools 0.1.15 vuln bugs", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/43" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180516 vcftools 0.1.15 vuln bugs", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/43" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11573.json b/2018/11xxx/CVE-2018-11573.json index 09268bd778e..0465351e159 100644 --- a/2018/11xxx/CVE-2018-11573.json +++ b/2018/11xxx/CVE-2018-11573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11597.json b/2018/11xxx/CVE-2018-11597.json index b6ce334e8c6..def5bb2abb8 100644 --- a/2018/11xxx/CVE-2018-11597.json +++ b/2018/11xxx/CVE-2018-11597.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/espruino/Espruino/commit/51380baf17241728b6d48cdb84140b931e3e3cc5", - "refsource" : "MISC", - "url" : "https://github.com/espruino/Espruino/commit/51380baf17241728b6d48cdb84140b931e3e3cc5" - }, - { - "name" : "https://github.com/espruino/Espruino/issues/1448", - "refsource" : "MISC", - "url" : "https://github.com/espruino/Espruino/issues/1448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/espruino/Espruino/commit/51380baf17241728b6d48cdb84140b931e3e3cc5", + "refsource": "MISC", + "url": "https://github.com/espruino/Espruino/commit/51380baf17241728b6d48cdb84140b931e3e3cc5" + }, + { + "name": "https://github.com/espruino/Espruino/issues/1448", + "refsource": "MISC", + "url": "https://github.com/espruino/Espruino/issues/1448" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11672.json b/2018/11xxx/CVE-2018-11672.json index 749df338905..724ca316cc0 100644 --- a/2018/11xxx/CVE-2018-11672.json +++ b/2018/11xxx/CVE-2018-11672.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11672", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11672", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11706.json b/2018/11xxx/CVE-2018-11706.json index 4f0bbc00d39..f6f3d8970fd 100644 --- a/2018/11xxx/CVE-2018-11706.json +++ b/2018/11xxx/CVE-2018-11706.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706", - "refsource" : "MISC", - "url" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706", + "refsource": "MISC", + "url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11706" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11895.json b/2018/11xxx/CVE-2018-11895.json index 0eedab9739e..1cdd98c960f 100644 --- a/2018/11xxx/CVE-2018-11895.json +++ b/2018/11xxx/CVE-2018-11895.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Potential Buffer Overflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential Buffer Overflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14086.json b/2018/14xxx/CVE-2018-14086.json index 45fb4c5e720..e3d2a95e402 100644 --- a/2018/14xxx/CVE-2018-14086.json +++ b/2018/14xxx/CVE-2018-14086.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hellowuzekai/blockchains/blob/master/overflow1.md", - "refsource" : "MISC", - "url" : "https://github.com/hellowuzekai/blockchains/blob/master/overflow1.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the \"amount * sellPrice\" will cause an integer overflow in sell()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hellowuzekai/blockchains/blob/master/overflow1.md", + "refsource": "MISC", + "url": "https://github.com/hellowuzekai/blockchains/blob/master/overflow1.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14310.json b/2018/14xxx/CVE-2018-14310.json index c76c43a0a77..861d70d9fd6 100644 --- a/2018/14xxx/CVE-2018-14310.json +++ b/2018/14xxx/CVE-2018-14310.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6330." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-770", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-770" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6330." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-770", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-770" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15164.json b/2018/15xxx/CVE-2018-15164.json index 77763c32b74..1087c49dc29 100644 --- a/2018/15xxx/CVE-2018-15164.json +++ b/2018/15xxx/CVE-2018-15164.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15164", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15164", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15486.json b/2018/15xxx/CVE-2018-15486.json index af938be26bf..3c1caae0364 100644 --- a/2018/15xxx/CVE-2018-15486.json +++ b/2018/15xxx/CVE-2018-15486.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" - }, - { - "name" : "https://www.kone.com/en/vulnerability.aspx", - "refsource" : "CONFIRM", - "url" : "https://www.kone.com/en/vulnerability.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kone.com/en/vulnerability.aspx", + "refsource": "CONFIRM", + "url": "https://www.kone.com/en/vulnerability.aspx" + }, + { + "name": "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15521.json b/2018/15xxx/CVE-2018-15521.json index 58eb8786759..37d16c9c0d5 100644 --- a/2018/15xxx/CVE-2018-15521.json +++ b/2018/15xxx/CVE-2018-15521.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15521", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15521", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15772.json b/2018/15xxx/CVE-2018-15772.json index e2e6b4177b2..fa81e2cc3fe 100644 --- a/2018/15xxx/CVE-2018-15772.json +++ b/2018/15xxx/CVE-2018-15772.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "DATE_PUBLIC" : "2018-11-09T05:00:00.000Z", - "ID" : "CVE-2018-15772", - "STATE" : "PUBLIC", - "TITLE" : "Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell EMC RecoverPoint", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.1.2.1" - } - ] - } - }, - { - "product_name" : "Dell EMC RecoverPoint Virtual Machine (VM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.2.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "uncontrolled resource consumption vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-11-09T05:00:00.000Z", + "ID": "CVE-2018-15772", + "STATE": "PUBLIC", + "TITLE": "Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell EMC RecoverPoint", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.1.2.1" + } + ] + } + }, + { + "product_name": "Dell EMC RecoverPoint Virtual Machine (VM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.2.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Nov/34" - }, - { - "name" : "105916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105916" - }, - { - "name" : "1042059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042059" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "uncontrolled resource consumption vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042059" + }, + { + "name": "105916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105916" + }, + { + "name": "20181108 DSA-2018-205: Dell EMC RecoverPoint Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Nov/34" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3470.json b/2018/3xxx/CVE-2018-3470.json index 6430e423f0f..fbb5eab0cd4 100644 --- a/2018/3xxx/CVE-2018-3470.json +++ b/2018/3xxx/CVE-2018-3470.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3470", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3470", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3980.json b/2018/3xxx/CVE-2018-3980.json index 4d42c325478..5fd7ec45793 100644 --- a/2018/3xxx/CVE-2018-3980.json +++ b/2018/3xxx/CVE-2018-3980.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2019-01-30T00:00:00", - "ID" : "CVE-2018-3980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ACD Systems", - "version" : { - "version_data" : [ - { - "version_value" : "ACDSystems Canvas Draw 5.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds write code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2019-01-30T00:00:00", + "ID": "CVE-2018-3980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ACD Systems", + "version": { + "version_data": [ + { + "version_value": "ACDSystems Canvas Draw 5.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0648", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0648", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0648" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8223.json b/2018/8xxx/CVE-2018-8223.json index bc948f651e5..ae3c902aa7f 100644 --- a/2018/8xxx/CVE-2018-8223.json +++ b/2018/8xxx/CVE-2018-8223.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8223", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8223", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8351.json b/2018/8xxx/CVE-2018-8351.json index 93c45b8bec0..644386e838f 100644 --- a/2018/8xxx/CVE-2018-8351.json +++ b/2018/8xxx/CVE-2018-8351.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka \"Microsoft Browser Information Disclosure Vulnerability.\" This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8351", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8351" - }, - { - "name" : "105015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105015" - }, - { - "name" : "1041457", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka \"Microsoft Browser Information Disclosure Vulnerability.\" This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041457", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041457" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8351", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8351" + }, + { + "name": "105015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105015" + } + ] + } +} \ No newline at end of file