From d2928ce6e1774920b9dffb80ce8dd85c7899fa89 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:36:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0345.json | 150 ++++++++---------
2002/0xxx/CVE-2002-0932.json | 140 +++++++--------
2002/2xxx/CVE-2002-2397.json | 150 ++++++++---------
2005/0xxx/CVE-2005-0304.json | 160 +++++++++---------
2005/0xxx/CVE-2005-0433.json | 140 +++++++--------
2005/0xxx/CVE-2005-0439.json | 150 ++++++++---------
2005/0xxx/CVE-2005-0651.json | 170 +++++++++----------
2005/0xxx/CVE-2005-0728.json | 34 ++--
2005/0xxx/CVE-2005-0924.json | 170 +++++++++----------
2005/1xxx/CVE-2005-1034.json | 170 +++++++++----------
2005/1xxx/CVE-2005-1284.json | 150 ++++++++---------
2005/1xxx/CVE-2005-1421.json | 130 +++++++-------
2005/1xxx/CVE-2005-1541.json | 34 ++--
2005/1xxx/CVE-2005-1762.json | 270 ++++++++++++++---------------
2005/1xxx/CVE-2005-1885.json | 150 ++++++++---------
2005/4xxx/CVE-2005-4076.json | 160 +++++++++---------
2005/4xxx/CVE-2005-4651.json | 130 +++++++-------
2009/0xxx/CVE-2009-0699.json | 160 +++++++++---------
2009/0xxx/CVE-2009-0982.json | 170 +++++++++----------
2009/1xxx/CVE-2009-1448.json | 140 +++++++--------
2009/1xxx/CVE-2009-1514.json | 130 +++++++-------
2009/1xxx/CVE-2009-1565.json | 220 ++++++++++++------------
2009/1xxx/CVE-2009-1594.json | 160 +++++++++---------
2009/4xxx/CVE-2009-4078.json | 200 +++++++++++-----------
2009/4xxx/CVE-2009-4179.json | 190 ++++++++++-----------
2009/4xxx/CVE-2009-4447.json | 160 +++++++++---------
2009/5xxx/CVE-2009-5052.json | 120 ++++++-------
2012/2xxx/CVE-2012-2836.json | 190 ++++++++++-----------
2012/2xxx/CVE-2012-2935.json | 130 +++++++-------
2012/3xxx/CVE-2012-3039.json | 120 ++++++-------
2012/3xxx/CVE-2012-3673.json | 210 +++++++++++------------
2012/3xxx/CVE-2012-3972.json | 250 +++++++++++++--------------
2012/3xxx/CVE-2012-3986.json | 300 ++++++++++++++++-----------------
2012/6xxx/CVE-2012-6084.json | 170 +++++++++----------
2012/6xxx/CVE-2012-6188.json | 34 ++--
2012/6xxx/CVE-2012-6314.json | 170 +++++++++----------
2015/5xxx/CVE-2015-5136.json | 34 ++--
2015/5xxx/CVE-2015-5666.json | 140 +++++++--------
2015/5xxx/CVE-2015-5760.json | 34 ++--
2015/5xxx/CVE-2015-5983.json | 34 ++--
2017/2xxx/CVE-2017-2076.json | 34 ++--
2017/2xxx/CVE-2017-2103.json | 130 +++++++-------
2018/11xxx/CVE-2018-11055.json | 168 +++++++++---------
2018/11xxx/CVE-2018-11180.json | 140 +++++++--------
2018/11xxx/CVE-2018-11190.json | 140 +++++++--------
2018/11xxx/CVE-2018-11275.json | 140 +++++++--------
2018/11xxx/CVE-2018-11751.json | 34 ++--
2018/14xxx/CVE-2018-14429.json | 130 +++++++-------
2018/15xxx/CVE-2018-15119.json | 34 ++--
2018/15xxx/CVE-2018-15133.json | 120 ++++++-------
2018/15xxx/CVE-2018-15202.json | 120 ++++++-------
2018/15xxx/CVE-2018-15413.json | 250 +++++++++++++--------------
2018/15xxx/CVE-2018-15814.json | 34 ++--
2018/3xxx/CVE-2018-3759.json | 122 +++++++-------
2018/3xxx/CVE-2018-3938.json | 122 +++++++-------
2018/8xxx/CVE-2018-8306.json | 152 ++++++++---------
2018/8xxx/CVE-2018-8331.json | 152 ++++++++---------
2018/8xxx/CVE-2018-8738.json | 130 +++++++-------
2018/8xxx/CVE-2018-8837.json | 132 +++++++--------
2018/8xxx/CVE-2018-8963.json | 120 ++++++-------
60 files changed, 4164 insertions(+), 4164 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0345.json b/2002/0xxx/CVE-2002-0345.json
index 96eefcf9a31..5a90c925089 100644
--- a/2002/0xxx/CVE-2002-0345.json
+++ b/2002/0xxx/CVE-2002-0345.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\\params registry key, which could allow an attacker to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020301 Re: \"Peter Miller\" pcmiller61@yahoo.com, 02/26/2002 03:48 AM RE: Symantec", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101529792821615&w=2" - }, - { - "name" : "20020226 RE: Symantec LiveUpdate", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/258293" - }, - { - "name" : "4181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4181" - }, - { - "name" : "ghost-plaintext-account(8305)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8305.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Ghost 7.0 stores usernames and 
passwords in plaintext in the NGServer\\params registry key, which could allow an attacker to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020226 RE: Symantec LiveUpdate", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/258293" + }, + { + "name": "20020301 Re: \"Peter Miller\" pcmiller61@yahoo.com, 02/26/2002 03:48 AM RE: Symantec", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101529792821615&w=2" + }, + { + "name": "ghost-plaintext-account(8305)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8305.php" + }, + { + "name": "4181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4181" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0932.json b/2002/0xxx/CVE-2002-0932.json index b5abbcc7ebc..9f22bbe3b5b 100644 --- a/2002/0xxx/CVE-2002-0932.json +++ b/2002/0xxx/CVE-2002-0932.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the \"id\" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html" - }, - { - "name" : "4971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4971" - }, - { - "name" : "myhelpdesk-sql-injection(9321)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9321.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly 
other versions, allows remote attackers to conduct unauthorized activities via SQL code in the \"id\" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html" + }, + { + "name": "myhelpdesk-sql-injection(9321)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9321.php" + }, + { + "name": "4971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4971" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2397.json b/2002/2xxx/CVE-2002-2397.json index 11ecc505b8b..2666958c3a0 100644 --- a/2002/2xxx/CVE-2002-2397.json +++ b/2002/2xxx/CVE-2002-2397.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020916 NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://www.derkeiler.com/Mailing-Lists/VulnWatch/2002-09/0015.html" - }, - { - "name" : "http://www22.brinkster.com/nssitech/nssilabs/nssi-2002-sygatepfw5.html", - "refsource" : "MISC", - "url" : "http://www22.brinkster.com/nssitech/nssilabs/nssi-2002-sygatepfw5.html" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5WP0I2A8AI.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5WP0I2A8AI.html" - }, - { - "name" : "sygate-firewall-ip-spoofing(10108)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10108.php" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/windowsntfocus/5WP0I2A8AI.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5WP0I2A8AI.html" + }, + { + "name": "20020916 NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability", + "refsource": "VULNWATCH", + "url": "http://www.derkeiler.com/Mailing-Lists/VulnWatch/2002-09/0015.html" + }, + { + "name": "sygate-firewall-ip-spoofing(10108)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10108.php" + }, + { + "name": "http://www22.brinkster.com/nssitech/nssilabs/nssi-2002-sygatepfw5.html", + "refsource": "MISC", + "url": "http://www22.brinkster.com/nssitech/nssilabs/nssi-2002-sygatepfw5.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0304.json b/2005/0xxx/CVE-2005-0304.json index 5101d6d0c3b..a177b9f822b 100644 --- a/2005/0xxx/CVE-2005-0304.json +++ b/2005/0xxx/CVE-2005-0304.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050121 Arbitrary files overwriting through skins in DivX Player 2.6", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110642748517854&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/divxplayer-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/divxplayer-adv.txt" - }, - { - "name" : "12332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12332" - }, - { - "name" : "13969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13969" - }, - { - "name" : "divx-player-directory-traversal(19030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13969" + }, + { + "name": "20050121 Arbitrary files overwriting through skins in DivX Player 2.6", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110642748517854&w=2" + }, + { + "name": "divx-player-directory-traversal(19030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19030" + }, + { + "name": "http://aluigi.altervista.org/adv/divxplayer-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/divxplayer-adv.txt" + }, + { + "name": "12332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12332" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0433.json b/2005/0xxx/CVE-2005-0433.json index 18c4d4a0f8a..8965a2406aa 100644 --- a/2005/0xxx/CVE-2005-0433.json +++ b/2005/0xxx/CVE-2005-0433.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.waraxe.us/advisory-40.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-40.html" - }, - { - "name" : "12561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12561" - }, - { - "name" : "phpnuke-multiple-scripts-path-disclosure(19344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) 
db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12561" + }, + { + "name": "phpnuke-multiple-scripts-path-disclosure(19344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19344" + }, + { + "name": "http://www.waraxe.us/advisory-40.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-40.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0439.json b/2005/0xxx/CVE-2005-0439.json index 20c83848dec..66346e5993f 100644 --- a/2005/0xxx/CVE-2005-0439.json +++ b/2005/0xxx/CVE-2005-0439.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880" - }, - { - "name" : "http://midas.psi.ch/elogs/Forum/941", - "refsource" : "CONFIRM", - "url" : "http://midas.psi.ch/elogs/Forum/941" - }, - { - "name" : "12556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12556" - }, - { - "name" : "elog-weblog-bo(19313)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the 
decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12556" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=40505&release_id=304880" + }, + { + "name": "elog-weblog-bo(19313)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19313" + }, + { + "name": "http://midas.psi.ch/elogs/Forum/941", + "refsource": "CONFIRM", + "url": "http://midas.psi.ch/elogs/Forum/941" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0651.json b/2005/0xxx/CVE-2005-0651.json index 6084a954041..47273c97835 100644 --- a/2005/0xxx/CVE-2005-0651.json +++ b/2005/0xxx/CVE-2005-0651.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as \"drivers.php\" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050308 failles dans ProjectBB v0.4.5.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111031893610270&w=2" - }, - { - "name" : "12710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12710" - }, - { - "name" : "ADV-2005-0223", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0223" - }, - { - "name" : "1013332", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013332" - }, - { - "name" : "14533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14533" - }, - { - "name" : "projectbb-mulitple-sql-injection(19557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as \"drivers.php\" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12710" + }, + { + "name": "14533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14533" + }, + { + "name": "20050308 failles dans ProjectBB v0.4.5.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111031893610270&w=2" + }, + { + "name": "ADV-2005-0223", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0223" + }, + { + "name": "1013332", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013332" + }, + { + "name": "projectbb-mulitple-sql-injection(19557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19557" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0728.json b/2005/0xxx/CVE-2005-0728.json index 3851914665f..944f737c90e 100644 --- a/2005/0xxx/CVE-2005-0728.json +++ b/2005/0xxx/CVE-2005-0728.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0728", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0736. Reason: This candidate is a duplicate of CVE-2005-0736. Notes: All CVE users should reference CVE-2005-0736 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2005-0728", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0736. Reason: This candidate is a duplicate of CVE-2005-0736. Notes: All CVE users should reference CVE-2005-0736 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0924.json b/2005/0xxx/CVE-2005-0924.json index 7c3766684f3..0020b5bc6c7 100644 --- a/2005/0xxx/CVE-2005-0924.json +++ b/2005/0xxx/CVE-2005-0924.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050329 E-Data", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=111211945505635&w=2" - }, - { - "name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-004-edata.txt", - "refsource" : "MISC", - "url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-004-edata.txt" - }, - { - "name" : "12927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12927" - }, - { - "name" : "1013589", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013589" - }, - { - "name" : "14739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14739" - }, - { - "name" : "edata-new-user-xss(19889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19889" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14739" + }, + { + "name": "20050329 E-Data", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=111211945505635&w=2" + }, + { + "name": "12927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12927" + }, + { + "name": "1013589", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013589" + }, + { + "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-004-edata.txt", + "refsource": "MISC", + "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-004-edata.txt" + }, + { + "name": "edata-new-user-xss(19889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19889" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1034.json b/2005/1xxx/CVE-2005-1034.json index 258b81266bf..7ac8815179f 100644 --- a/2005/1xxx/CVE-2005-1034.json +++ b/2005/1xxx/CVE-2005-1034.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111289226204780&w=2" - }, - { - "name" : "http://www.security.org.sg/vuln/surgeftp22m1.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/surgeftp22m1.html" - }, - { - "name" : "13054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13054" - }, - { - "name" : "1013664", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013664" - }, - { - "name" : "14888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14888" - }, - { - "name" : "surgeftp-leak-ftp-dos(20011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013664", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013664" + }, + { + "name": "http://www.security.org.sg/vuln/surgeftp22m1.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/surgeftp22m1.html" + }, + { + "name": "13054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13054" + }, + { + "name": "14888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14888" + }, + { + "name": "20050407 [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111289226204780&w=2" + }, + { + "name": "surgeftp-leak-ftp-dos(20011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20011" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1284.json b/2005/1xxx/CVE-2005-1284.json index e0850576535..1c692dbaa14 100644 --- a/2005/1xxx/CVE-2005-1284.json +++ b/2005/1xxx/CVE-2005-1284.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if \"Allow Creation of Accounts From the Web Interface\" is disabled, via a direct HTTP POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050422 Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111419001527077&w=2" - }, - { - "name" : "13323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13323" - }, - { - "name" : "15822", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15822" - }, - { - "name" : "argosoft-mail-server-add-new-mail-account(20228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The addnew script in 
Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if \"Allow Creation of Accounts From the Web Interface\" is disabled, via a direct HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13323" + }, + { + "name": "20050422 Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111419001527077&w=2" + }, + { + "name": "argosoft-mail-server-add-new-mail-account(20228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20228" + }, + { + "name": "15822", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15822" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1421.json b/2005/1xxx/CVE-2005-1421.json index 5317ccb92a7..b6a9b8f1c01 100644 --- a/2005/1xxx/CVE-2005-1421.json +++ b/2005/1xxx/CVE-2005-1421.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt" - }, - { - "name" : "1013860", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences in an HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013860", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013860" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1541.json b/2005/1xxx/CVE-2005-1541.json index e7f5f69625a..f64fe5961af 100644 --- a/2005/1xxx/CVE-2005-1541.json +++ b/2005/1xxx/CVE-2005-1541.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1541", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1541", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1762.json b/2005/1xxx/CVE-2005-1762.json index a69c1f6971b..4eef83a95a5 100644 --- a/2005/1xxx/CVE-2005-1762.json +++ b/2005/1xxx/CVE-2005-1762.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a \"non-canonical\" address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-922" - }, - { - "name" : "DSA-921", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-921" - }, - { - "name" : "FLSA:157459-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/428058/100/0/threaded" - }, - { - "name" : "FLSA:157459-3", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" - }, - { - "name" : "RHSA-2005:514", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-514.html" - }, - { - "name" : "RHSA-2005:663", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html" - }, - 
{ - "name" : "SUSE-SA:2005:029", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_29_kernel.html" - }, - { - "name" : "USN-143-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/143-1/" - }, - { - "name" : "13904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13904" - }, - { - "name" : "oval:org.mitre.oval:def:10630", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10630" - }, - { - "name" : "ADV-2005-1878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1878" - }, - { - "name" : "15786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15786" - }, - { - "name" : "18056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18056" - }, - { - "name" : "18059", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18059" - }, - { - "name" : "17073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17073" - }, - { - "name" : "17002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a \"non-canonical\" address." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18056" + }, + { + "name": "17073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17073" + }, + { + "name": "13904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13904" + }, + { + "name": "18059", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18059" + }, + { + "name": "oval:org.mitre.oval:def:10630", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10630" + }, + { + "name": "FLSA:157459-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/428058/100/0/threaded" + }, + { + "name": "SUSE-SA:2005:029", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_29_kernel.html" + }, + { + "name": "DSA-922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-922" + }, + { + "name": "15786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15786" + }, + { + "name": "DSA-921", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-921" + }, + { + "name": "RHSA-2005:514", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-514.html" + }, + { + "name": "17002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17002" + }, + { + "name": "USN-143-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/143-1/" + }, + { + "name": "FLSA:157459-3", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded" + }, + { + "name": "RHSA-2005:663", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html" + }, + { + "name": "ADV-2005-1878", + "refsource": "VUPEN", + 
"url": "http://www.vupen.com/english/advisories/2005/1878" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1885.json b/2005/1xxx/CVE-2005-1885.json index d04f08ce344..0aa6941e74e 100644 --- a/2005/1xxx/CVE-2005-1885.json +++ b/2005/1xxx/CVE-2005-1885.json 
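Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, a change of record provenance that the commit subject ("-Synchronized-Data.") does not mention. It is hard to spot because the same hunk rewrites all 137 lines for key-separator spacing and reshuffles `reference_data` into an order with no visible sort (18056, 17073, 13904, 18059, …). Keeping `reference_data` in a stable order, for instance the previous one, and landing the `"key" :` to `"key":` reformat as its own commit would reduce this hunk to the single line `"ASSIGNER": "secalert@redhat.com",`. The CVE-2009-0982 hunk has the same problem, with `"ASSIGNER": "secalert_us@oracle.com"`. The new side of every file here also ends with `\ No newline at end of file`, so the serializer presumably drops the final newline and could restore it.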
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secwatch.org/advisories/secwatch/20050530_yapig.txt", - "refsource" : "MISC", - "url" : "http://secwatch.org/advisories/secwatch/20050530_yapig.txt" - }, - { - "name" : "17119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17119" - }, - { - "name" : "15600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15600/" - }, - { - "name" : "1014103", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a 
phid parameter that is not an integer, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17119" + }, + { + "name": "15600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15600/" + }, + { + "name": "http://secwatch.org/advisories/secwatch/20050530_yapig.txt", + "refsource": "MISC", + "url": "http://secwatch.org/advisories/secwatch/20050530_yapig.txt" + }, + { + "name": "1014103", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014103" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4076.json b/2005/4xxx/CVE-2005-4076.json index ef7309e4ec4..8113c8e559b 100644 --- a/2005/4xxx/CVE-2005-4076.json +++ b/2005/4xxx/CVE-2005-4076.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051207 Appfluent Batabase IDS Local Root", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0253.html" - }, - { - "name" : "http://open-security.org/advisories/14", - "refsource" : "MISC", - "url" : "http://open-security.org/advisories/14" - }, - { - "name" : "http://mantis.pulltheplug.org/display.php?offset=8", - "refsource" : "MISC", - "url" : "http://mantis.pulltheplug.org/display.php?offset=8" - }, - { - "name" : "15755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15755" - }, - { - "name" : "17947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://open-security.org/advisories/14", + "refsource": "MISC", + "url": "http://open-security.org/advisories/14" + }, + { + "name": "20051207 Appfluent Batabase IDS Local Root", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0253.html" + }, + { + "name": "17947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17947" + }, + { + "name": "http://mantis.pulltheplug.org/display.php?offset=8", + "refsource": "MISC", + "url": "http://mantis.pulltheplug.org/display.php?offset=8" + }, + { + "name": "15755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15755" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4651.json b/2005/4xxx/CVE-2005-4651.json index d67b7059467..0a27ccafcf6 100644 --- a/2005/4xxx/CVE-2005-4651.json +++ b/2005/4xxx/CVE-2005-4651.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html" - }, - { - "name" : "21291", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html" + }, + { + "name": "21291", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21291" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0699.json b/2009/0xxx/CVE-2009-0699.json index 98910f151d8..80e407ab672 100644 --- a/2009/0xxx/CVE-2009-0699.json +++ b/2009/0xxx/CVE-2009-0699.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-01/0032.html" - }, - { - "name" : "20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2009-01/0054.html" - }, - { - "name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt", - "refsource" : "MISC", - "url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt" - }, - { - "name" : "33153", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/33153" - }, - { - "name" : "businessmanager-qub-bez74-xss(47795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt", + "refsource": "MISC", + "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt" + }, + { + "name": "20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-01/0032.html" + }, + { + "name": "20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2009-01/0054.html" + }, + { + "name": "businessmanager-qub-bez74-xss(47795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47795" + }, + { + "name": "33153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33153" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0982.json b/2009/0xxx/CVE-2009-0982.json index f4cae1c2ab9..1fa2290ded2 100644 --- a/2009/0xxx/CVE-2009-0982.json +++ b/2009/0xxx/CVE-2009-0982.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote authenticated users to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53759", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53759" - }, - { - "name" : "1022057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022057" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote authenticated users to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "1022057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022057" + }, + { + "name": "53759", + "refsource": "OSVDB", + "url": "http://osvdb.org/53759" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1448.json b/2009/1xxx/CVE-2009-1448.json index 2ebc7d13c6d..7ece85dee1f 100644 --- a/2009/1xxx/CVE-2009-1448.json +++ b/2009/1xxx/CVE-2009-1448.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#82744714", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN82744714/index.html" - }, - { - "name" : "JVNDB-2009-000019", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000019.html" - }, - { - "name" : "apricot-apricot-xss(49948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2009-000019", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000019.html" + }, + { + "name": "JVN#82744714", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN82744714/index.html" + }, + { + "name": "apricot-apricot-xss(49948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49948" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1514.json b/2009/1xxx/CVE-2009-1514.json index e23baf1b21f..81b2c4ce222 100644 --- a/2009/1xxx/CVE-2009-1514.json +++ b/2009/1xxx/CVE-2009-1514.json 
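Review bot: The `reference_data` array is reordered with no visible sort key (JVN, JVNDB, XF becomes JVNDB, JVN, XF), and the other hunks in this commit shuffle their references in the same way. No entry is added or removed here, so the reordering only adds diff noise and could mask a real reference change in a later sync. Emitting the array in a stable order, for example sorted by `refsource` then `name`, would avoid that. The new file also ends without a trailing newline (`\ No newline at end of file`), which the old version had.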
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8573", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8573" - }, - { - "name" : "34786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34786" + }, + { + "name": "8573", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8573" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1565.json b/2009/1xxx/CVE-2009-1565.json index 8c4245bca61..62ab086c8dd 100644 --- a/2009/1xxx/CVE-2009-1565.json +++ b/2009/1xxx/CVE-2009-1565.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to \"integer truncation errors.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-1565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" - }, - { - "name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" 
- }, - { - "name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" - }, - { - "name" : "http://secunia.com/secunia_research/2009-37/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-37/" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" - }, - { - "name" : "39364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39364" - }, - { - "name" : "63615", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63615" - }, - { - "name" : "1023838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023838" - }, - { - "name" : "36712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36712" - }, - { - "name" : "39206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39206" - }, - { - "name" : "39215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to \"integer truncation errors.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + 
"reference_data": [ + { + "name": "39206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39206" + }, + { + "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html" + }, + { + "name": "36712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36712" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html" + }, + { + "name": "63615", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63615" + }, + { + "name": "http://secunia.com/secunia_research/2009-37/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-37/" + }, + { + "name": "1023838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023838" + }, + { + "name": "39364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39364" + }, + { + "name": "39215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39215" + }, + { + "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1594.json b/2009/1xxx/CVE-2009-1594.json index 160e4d9dc12..05f719ad1fb 100644 --- a/2009/1xxx/CVE-2009-1594.json +++ b/2009/1xxx/CVE-2009-1594.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the \"positive model,\" which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090520 Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503649/100/0/threaded" - }, - { - "name" : "[websecurity] 20090519 [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500", - "refsource" : "MLIST", - "url" : "http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html" - }, - { - "name" : "http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt", - "refsource" : "MISC", - "url" : 
"http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt" - }, - { - "name" : "35053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35053" - }, - { - "name" : "profense-whitelist-security-bypass(50662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the \"positive model,\" which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "profense-whitelist-security-bypass(50662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50662" + }, + { + "name": "http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt", + "refsource": "MISC", + "url": "http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt" + }, + { + "name": "35053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35053" + }, + { + "name": "20090520 Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503649/100/0/threaded" + }, + { + "name": "[websecurity] 20090519 [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500", + "refsource": "MLIST", + "url": "http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2009/4xxx/CVE-2009-4078.json b/2009/4xxx/CVE-2009-4078.json
index 49df97bebc3..a9ed3af33c5 100644
--- a/2009/4xxx/CVE-2009-4078.json
+++ b/2009/4xxx/CVE-2009-4078.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rubyforge.org/frs/shownotes.php?release_id=41108", - "refsource" : "CONFIRM", - "url" : "http://rubyforge.org/frs/shownotes.php?release_id=41108" - }, - { - "name" : "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04", - "refsource" : "CONFIRM", - "url" : "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" - }, - { - "name" : "JVN#01245481", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN01245481/index.html" - }, - { - "name" : "JVN#87341298", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN87341298/index.html" - }, - { - "name" : "JVNDB-2009-000073", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" - }, - { - "name" : "37066", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/37066" - }, - { - "name" : "37420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37420" - }, - { - "name" : "ADV-2009-3291", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3291" - }, - { - "name" : "redmine-unspecified-input-xss(54333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-3291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3291" + }, + { + "name": "http://rubyforge.org/frs/shownotes.php?release_id=41108", + "refsource": "CONFIRM", + "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" + }, + { + "name": "37066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37066" + }, + { + "name": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04", + "refsource": "CONFIRM", + "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" + }, + { + "name": "JVN#87341298", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN87341298/index.html" + }, + { + "name": "redmine-unspecified-input-xss(54333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" + }, + { + "name": "JVNDB-2009-000073", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" + }, + { + "name": "JVN#01245481", + "refsource": "JVN", + "url": 
"http://jvn.jp/en/jp/JVN01245481/index.html" + }, + { + "name": "37420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37420" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4179.json b/2009/4xxx/CVE-2009-4179.json index af8e57c391b..f28b04f6fa4 100644 --- a/2009/4xxx/CVE-2009-4179.json +++ b/2009/4xxx/CVE-2009-4179.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2009-4179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091209 TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/508355/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-12", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-12" - }, - { - "name" : "HPSBMA02483", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090134", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" - }, - { - "name" : "SSRT090257", 
- "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126046355120442&w=2" - }, - { - "name" : "37261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37261" - }, - { - "name" : "37347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37347" - }, - { - "name" : "hp-ovnnm-ovalarm-bo(54657)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-12", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-12" + }, + { + "name": "hp-ovnnm-ovalarm-bo(54657)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54657" + }, + { + "name": "37347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37347" + }, + { + "name": "20091209 TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/508355/100/0/threaded" + }, + { + "name": "37261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37261" + }, + { + "name": "SSRT090257", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126046355120442&w=2" + }, + { + "name": "SSRT090134", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + }, + { + "name": 
"HPSBMA02483", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4447.json b/2009/4xxx/CVE-2009-4447.json index dddd2a91355..9396910b717 100644 --- a/2009/4xxx/CVE-2009-4447.json +++ b/2009/4xxx/CVE-2009-4447.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10626", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10626" - }, - { - "name" : "37466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37466" - }, - { - "name" : "61299", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61299" - }, - { - "name" : "37921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37921" - }, - { - "name" : "jaxguestbook-admin-security-bypass(55077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jax Guestbook 3.5.0 allows remote attackers to bypass 
authentication and modify administrator settings via a direct request to admin/guestbook.admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10626", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10626" + }, + { + "name": "61299", + "refsource": "OSVDB", + "url": "http://osvdb.org/61299" + }, + { + "name": "37921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37921" + }, + { + "name": "37466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37466" + }, + { + "name": "jaxguestbook-admin-security-bypass(55077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55077" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5052.json b/2009/5xxx/CVE-2009-5052.json index dfced9c401b..4c0403b8c86 100644 --- a/2009/5xxx/CVE-2009-5052.json +++ b/2009/5xxx/CVE-2009-5052.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", - "refsource" : "CONFIRM", - "url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt", + "refsource": "CONFIRM", + "url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2836.json b/2012/2xxx/CVE-2012-2836.json index 520252c71dd..1107ffb1424 100644 --- a/2012/2xxx/CVE-2012-2836.json +++ b/2012/2xxx/CVE-2012-2836.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" - }, - { - "name" : "DSA-2559", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2559" - }, - { - "name" : "RHSA-2012:1255", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1255.html" - }, - { - "name" : "SUSE-SU-2012:0902", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0903", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" - }, - { - "name" : "USN-1513-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1513-1" - }, - { - "name" : "54437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54437" - }, - { - "name" : "49988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54437" + }, + { + "name": "DSA-2559", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2559" + }, + { + "name": "SUSE-SU-2012:0903", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" + }, + { + "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" + }, + { + "name": "49988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49988" + }, + { + "name": "RHSA-2012:1255", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html" + }, + { + "name": "USN-1513-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1513-1" + }, + { + "name": "SUSE-SU-2012:0902", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2935.json b/2012/2xxx/CVE-2012-2935.json index 2cd93bcff3f..707456db356 100644 --- a/2012/2xxx/CVE-2012-2935.json +++ b/2012/2xxx/CVE-2012-2935.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df", - "refsource" : "CONFIRM", - "url" : "https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df" - }, - { - "name" : "oscommerce-main-xss(75900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php 
in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oscommerce-main-xss(75900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75900" + }, + { + "name": "https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df", + "refsource": "CONFIRM", + "url": "https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3039.json b/2012/3xxx/CVE-2012-3039.json index 5dc954818c6..b05d09569e5 100644 --- a/2012/3xxx/CVE-2012-3039.json +++ b/2012/3xxx/CVE-2012-3039.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-3039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3673.json b/2012/3xxx/CVE-2012-3673.json index c8e736b10b2..5ee406547dd 100644 --- a/2012/3xxx/CVE-2012-3673.json +++ b/2012/3xxx/CVE-2012-3673.json 
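Review bot: The CVE-2012-3039 hunk changes the record's assigner from `cve@mitre.org` to `"ASSIGNER": "ics-cert@hq.dhs.gov"`, but it also re-serializes every other line of the file (colon spacing, indentation, reference order), so the one semantic change cannot be told apart from formatting in a line diff. The same pattern appears in the CVE-2012-3673 hunk (`product-security@apple.com`) and the CVE-2012-6084 hunk (`secalert@redhat.com`). Anyone who attributes or filters records by assigner should audit this sync by comparing the parsed JSON of the old and new sides rather than the text. Splitting the re-serialization and the assigner updates into separate commits would make the attribution change reviewable on its own.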
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85372", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85372" - }, - { - "name" : "oval:org.mitre.oval:def:17237", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17237" - }, - { - "name" : "apple-itunes-webkit-cve20123673(78539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "apple-itunes-webkit-cve20123673(78539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78539" + }, + { + "name": "oval:org.mitre.oval:def:17237", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17237" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "85372", + "refsource": "OSVDB", + "url": "http://osvdb.org/85372" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3972.json b/2012/3xxx/CVE-2012-3972.json index 2ec3cd83878..423b2a09db8 100644 --- a/2012/3xxx/CVE-2012-3972.json +++ b/2012/3xxx/CVE-2012-3972.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-65.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-65.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=746855", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=746855" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : 
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "DSA-2553", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2553" - }, - { - "name" : "DSA-2556", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2556" - }, - { - "name" : "DSA-2554", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2554" - }, - { - "name" : "RHSA-2012:1211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html" - }, - { - "name" : "RHSA-2012:1210", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "oval:org.mitre.oval:def:16234", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information 
via unspecified vectors that trigger a heap-based buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2556", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2556" + }, + { + "name": "RHSA-2012:1211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" + }, + { + "name": "DSA-2553", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2553" + }, + { + "name": "oval:org.mitre.oval:def:16234", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-65.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-65.html" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=746855", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=746855" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "RHSA-2012:1210", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "DSA-2554", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2554" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3986.json b/2012/3xxx/CVE-2012-3986.json index e67990dfa46..29129faec58 100644 --- a/2012/3xxx/CVE-2012-3986.json +++ b/2012/3xxx/CVE-2012-3986.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775868", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=775868" - }, - { - "name" : "DSA-2569", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2569" - }, - { - "name" : "DSA-2565", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2565" - }, - { - "name" : "DSA-2572", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2572" - }, - { - "name" : "MDVSA-2012:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" - }, - { - "name" : "RHSA-2012:1351", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "55922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55922" - }, - { - "name" : "oval:org.mitre.oval:def:16834", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50936" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - }, - { - "name" : "51181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51181" - }, - { - "name" : "55318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird 
ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775868" + }, + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-77.html" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "DSA-2565", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2565" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "oval:org.mitre.oval:def:16834", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834" + }, + { + "name": "DSA-2572", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2572" + }, + { + "name": "RHSA-2012:1351", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html" + }, + { + "name": "50936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50936" + }, + { + "name": "51181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51181" + }, + { + 
"name": "55318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55318" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "MDVSA-2012:163", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" + }, + { + "name": "55922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55922" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + }, + { + "name": "DSA-2569", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2569" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6084.json b/2012/6xxx/CVE-2012-6084.json index f179ab70ee4..af72d484c41 100644 --- a/2012/6xxx/CVE-2012-6084.json +++ b/2012/6xxx/CVE-2012-6084.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-6084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130101 Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/01/01/4" - }, - { - "name" : "http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt", - "refsource" : "CONFIRM", - "url" : "http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt" - }, - { - "name" : "http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2", - "refsource" : "CONFIRM", - "url" : "http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2" - }, - { - "name" : "http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2", 
- "refsource" : "CONFIRM", - "url" : "http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2" - }, - { - "name" : "https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch", - "refsource" : "CONFIRM", - "url" : "https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch" - }, - { - "name" : "DSA-2612", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt", + "refsource": "CONFIRM", + "url": "http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt" + }, + { + "name": "https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch", + "refsource": "CONFIRM", + "url": "https://github.com/atheme/charybdis/commit/ac0707aa61d9c20e9b09062294701567c9f41595.patch" + }, + { + "name": "http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2", + "refsource": "CONFIRM", + "url": "http://www.stack.nl/~jilles/irc/charybdis-3.4.2.tbz2" + }, + { + "name": "[oss-security] 20130101 Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/01/01/4" + }, + { + "name": "DSA-2612", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2612" + 
}, + { + "name": "http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2", + "refsource": "CONFIRM", + "url": "http://www.ratbox.org/download/ircd-ratbox-3.0.8.tar.bz2" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6188.json b/2012/6xxx/CVE-2012-6188.json index a3c76b90d76..97af0f99707 100644 --- a/2012/6xxx/CVE-2012-6188.json +++ b/2012/6xxx/CVE-2012-6188.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6188", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6188", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6314.json b/2012/6xxx/CVE-2012-6314.json index b9df1f4b4f3..e4fb25e5a11 100644 --- a/2012/6xxx/CVE-2012-6314.json +++ b/2012/6xxx/CVE-2012-6314.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX135813", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX135813" - }, - { - "name" : "56908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56908" - }, - { - "name" : "88369", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/88369" - }, - { - "name" : "1027869", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027869" - }, - { - "name" : "51524", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51524" - }, - { - "name" : "xendesktop-vda-sec-bypass(80626)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/80626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56908" + }, + { + "name": "88369", + "refsource": "OSVDB", + "url": "http://osvdb.org/88369" + }, + { + "name": "http://support.citrix.com/article/CTX135813", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX135813" + }, + { + "name": "xendesktop-vda-sec-bypass(80626)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80626" + }, + { + "name": "1027869", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027869" + }, + { + "name": "51524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51524" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5136.json b/2015/5xxx/CVE-2015-5136.json index 4a4280d0c74..b20c92875ca 100644 --- a/2015/5xxx/CVE-2015-5136.json +++ b/2015/5xxx/CVE-2015-5136.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5666.json b/2015/5xxx/CVE-2015-5666.json index 08b13392c7e..dc2efa22f79 100644 --- a/2015/5xxx/CVE-2015-5666.json +++ b/2015/5xxx/CVE-2015-5666.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-5666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#25086409", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN25086409/index.html" - }, - { - "name" : "JVNDB-2015-000164", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000164.html" - }, - { - "name" : "77344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#25086409", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN25086409/index.html" + }, + { + "name": "77344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77344" + }, + { + "name": "JVNDB-2015-000164", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000164.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5760.json b/2015/5xxx/CVE-2015-5760.json index c45d54d9649..8164e372d51 100644 --- a/2015/5xxx/CVE-2015-5760.json +++ b/2015/5xxx/CVE-2015-5760.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5760", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5760", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5983.json b/2015/5xxx/CVE-2015-5983.json index b5d3c3b2767..501d5b39a40 100644 --- a/2015/5xxx/CVE-2015-5983.json +++ b/2015/5xxx/CVE-2015-5983.json 
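Review bot: In `CVE-2015-5666.json` the `ASSIGNER` value changes from `cve@mitre.org` to `vultures@jpcert.or.jp` inside a hunk that otherwise only rewrites whitespace and reorders references, so the field recording who assigned the ID changes almost invisibly. The same happens in `CVE-2018-11055.json`, where `ASSIGNER` goes from `secure@dell.com` to `security_alert@emc.com`. Consumers that attribute or filter records by `ASSIGNER` will see these entries move between assigners, so the commit message should name both changes, or they should land in a commit separate from the reformatting. The JVN references in the first record are consistent with its new value, but the second change should be confirmed as intended.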
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5983", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5983", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2076.json b/2017/2xxx/CVE-2017-2076.json index e05cd81818b..2f36f56ff26 100644 --- a/2017/2xxx/CVE-2017-2076.json +++ b/2017/2xxx/CVE-2017-2076.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2076", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2076", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2103.json b/2017/2xxx/CVE-2017-2103.json index 7aa8f3486d7..db393106e31 100644 --- a/2017/2xxx/CVE-2017-2103.json +++ b/2017/2xxx/CVE-2017-2103.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LaLa Call App for Android", - "version" : { - "version_data" : [ - { - "version_value" : "ver2.4.7 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "K-Opticom Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to verify SSL certificates" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LaLa Call App for Android", + "version": { + "version_data": [ + { + "version_value": "ver2.4.7 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "K-Opticom Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#01014759", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN01014759/index.html" - }, - { - "name" : "96004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive 
information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#01014759", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN01014759/index.html" + }, + { + "name": "96004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96004" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11055.json b/2018/11xxx/CVE-2018-11055.json index 004aba1d62b..3d173f2e6d7 100644 --- a/2018/11xxx/CVE-2018-11055.json +++ b/2018/11xxx/CVE-2018-11055.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "ID" : "CVE-2018-11055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BSAFE Micro Edition Suite", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.0.11" - }, - { - "affected" : "<", - "version_value" : "4.1.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "RSA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 4.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-11055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.0.11" + }, + { + "affected": "<", + "version_value": "4.1.6.1" + } + ] + } + } + ] + }, + "vendor_name": "RSA" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/46" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11180.json b/2018/11xxx/CVE-2018-11180.json index 8dc2eab3de3..369020d55cd 100644 --- a/2018/11xxx/CVE-2018-11180.json +++ b/2018/11xxx/CVE-2018-11180.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11190.json b/2018/11xxx/CVE-2018-11190.json index fb0c1c1add5..bba54bf28c4 100644 --- a/2018/11xxx/CVE-2018-11190.json +++ b/2018/11xxx/CVE-2018-11190.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11275.json b/2018/11xxx/CVE-2018-11275.json index 3f4f2396a1a..afe6a35bcdf 100644 --- a/2018/11xxx/CVE-2018-11275.json +++ b/2018/11xxx/CVE-2018-11275.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=bf0261ab128f28763258c620bc95ca379a286b59", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=bf0261ab128f28763258c620bc95ca379a286b59" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - }, - { - "name" : "106949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=bf0261ab128f28763258c620bc95ca379a286b59", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=bf0261ab128f28763258c620bc95ca379a286b59" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + }, + { + "name": "106949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106949" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/11xxx/CVE-2018-11751.json b/2018/11xxx/CVE-2018-11751.json index 1dad2131b63..50ce31544f1 100644 --- a/2018/11xxx/CVE-2018-11751.json +++ b/2018/11xxx/CVE-2018-11751.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11751", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11751", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14429.json b/2018/14xxx/CVE-2018-14429.json index bc577754787..7d3b0202c69 100644 --- a/2018/14xxx/CVE-2018-14429.json +++ b/2018/14xxx/CVE-2018-14429.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180808 [CVE-2018-14429] man-cgi < 1.16 Local File Include", - "refsource" : "BUGTRAQ", - "url" : "https://www.securityfocus.com/archive/1/542208/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180808 [CVE-2018-14429] man-cgi < 1.16 Local File Include", + "refsource": "BUGTRAQ", + "url": "https://www.securityfocus.com/archive/1/542208/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148855/man-cgi-Local-File-Inclusion.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15119.json b/2018/15xxx/CVE-2018-15119.json index 3d8c56f8e61..b1393ed3580 100644 --- a/2018/15xxx/CVE-2018-15119.json +++ b/2018/15xxx/CVE-2018-15119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15133.json b/2018/15xxx/CVE-2018-15133.json index cc489286e9b..671137770f5 100644 
--- a/2018/15xxx/CVE-2018-15133.json +++ b/2018/15xxx/CVE-2018-15133.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30", - "refsource" : "CONFIRM", - "url" : "https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30", + "refsource": "CONFIRM", + "url": "https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15202.json b/2018/15xxx/CVE-2018-15202.json index c922e9c477d..0585b973a65 100644 --- a/2018/15xxx/CVE-2018-15202.json +++ b/2018/15xxx/CVE-2018-15202.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Juunan06/eCommerce/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/Juunan06/eCommerce/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Juunan06/eCommerce/issues/1", + "refsource": "MISC", + "url": "https://github.com/Juunan06/eCommerce/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15413.json b/2018/15xxx/CVE-2018-15413.json index fe370d199ca..77ad61dc552 100644 --- a/2018/15xxx/CVE-2018-15413.json +++ b/2018/15xxx/CVE-2018-15413.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15413", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx WRF Player ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "7.8", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15413", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx WRF Player ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce" - }, - { - "name" : "105520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105520" - }, - { - "name" : "1041795", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041795" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-webex-rce", - "defect" : [ - [ - "CSCvj83752", - "CSCvj83767", - "CSCvj83771", - "CSCvj83793", - "CSCvj83797", - "CSCvj83803", - "CSCvj83818", - "CSCvj83824", - "CSCvj83831", - "CSCvj87929", - "CSCvj87934", - "CSCvj93870", - "CSCvj93877", - "CSCvk31089", - "CSCvk33049", - "CSCvk52510", - "CSCvk52518", - "CSCvk52521", - "CSCvk59945", - "CSCvk59949", - "CSCvk59950", - "CSCvk60158", - "CSCvk60163", - "CSCvm51315", - "CSCvm51318", - "CSCvm51361", - "CSCvm51371", - "CSCvm51373", - "CSCvm51374", - "CSCvm51382", - "CSCvm51386", - "CSCvm51391", - "CSCvm51393", - "CSCvm51396", - "CSCvm51398", - "CSCvm51412", - "CSCvm51413", - "CSCvm54531", - "CSCvm54538" - ] - ], - "discovery" 
: "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.8", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041795", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041795" + }, + { + "name": "105520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105520" + }, + { + "name": "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-webex-rce", + "defect": [ + [ + "CSCvj83752", + "CSCvj83767", + "CSCvj83771", + "CSCvj83793", + "CSCvj83797", + "CSCvj83803", + "CSCvj83818", + "CSCvj83824", + "CSCvj83831", + "CSCvj87929", + "CSCvj87934", + "CSCvj93870", + "CSCvj93877", + "CSCvk31089", + "CSCvk33049", + "CSCvk52510", + "CSCvk52518", + "CSCvk52521", + "CSCvk59945", + "CSCvk59949", + "CSCvk59950", + "CSCvk60158", + 
"CSCvk60163", + "CSCvm51315", + "CSCvm51318", + "CSCvm51361", + "CSCvm51371", + "CSCvm51373", + "CSCvm51374", + "CSCvm51382", + "CSCvm51386", + "CSCvm51391", + "CSCvm51393", + "CSCvm51396", + "CSCvm51398", + "CSCvm51412", + "CSCvm51413", + "CSCvm54531", + "CSCvm54538" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15814.json b/2018/15xxx/CVE-2018-15814.json index 2ceb658748c..7371303a775 100644 --- a/2018/15xxx/CVE-2018-15814.json +++ b/2018/15xxx/CVE-2018-15814.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15814", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15814", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3759.json b/2018/3xxx/CVE-2018-3759.json index 75f414aaab7..23451391e60 100644 --- a/2018/3xxx/CVE-2018-3759.json +++ b/2018/3xxx/CVE-2018-3759.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-05-03T00:00:00", - "ID" : "CVE-2018-3759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "private_address_check ruby gem", - "version" : { - "version_data" : [ - { - "version_value" : "0.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-05-03T00:00:00", + "ID": "CVE-2018-3759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "private_address_check ruby gem", + "version": { + "version_data": [ + { + "version_value": "0.5.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147", - "refsource" : "MISC", - "url" : "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147", + "refsource": "MISC", + "url": "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3938.json b/2018/3xxx/CVE-2018-3938.json index bdae3e7cc31..ccbb79114d8 100644 --- a/2018/3xxx/CVE-2018-3938.json +++ b/2018/3xxx/CVE-2018-3938.json 
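Review bot: The `affects` block of CVE-2018-3759 carries `"version_value": "0.5.0"` while the description says the gem is vulnerable before 0.5.0, so a consumer matching on the structured field alone would flag what appears to be the fixed release and miss the earlier ones. The reformat keeps this as it was; adding `"version_affected": "<"` beside the version value would make the range machine-readable. `vendor_name` is `HackerOne` here, which looks like the assigning CNA rather than the gem's maintainer, and the CVE-2018-3938 (`Talos`) and CVE-2018-8837 (`ICS-CERT`) hunks show the same pattern, so inventory matching should not key on that field for these records.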
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-07-20T00:00:00", - "ID" : "CVE-2018-3938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sony", - "version" : { - "version_data" : [ - { - "version_value" : "Sony IPELA E series G5 firmware 1.87.00" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-07-20T00:00:00", + "ID": "CVE-2018-3938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sony", + "version": { + "version_data": [ + { + "version_value": "Sony IPELA E series G5 firmware 1.87.00" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable stack-based buffer overflow 
vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8306.json b/2018/8xxx/CVE-2018-8306.json index d5967002c5c..c6d31a4fcb4 100644 --- a/2018/8xxx/CVE-2018-8306.json +++ b/2018/8xxx/CVE-2018-8306.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Wireless Display Adapter V2 Software", - "version" : { - "version_data" : [ - { - "version_value" : "Version 2.0.8350" - }, - { - "version_value" : "Version 2.0.8365" - }, - { - "version_value" : "Version 2.0.8372" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka \"Microsoft Wireless Display Adapter Command Injection Vulnerability.\" This affects Microsoft Wireless Display Adapter V2 Software." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Wireless Display Adapter V2 Software", + "version": { + "version_data": [ + { + "version_value": "Version 2.0.8350" + }, + { + "version_value": "Version 2.0.8365" + }, + { + "version_value": "Version 2.0.8372" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8306", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8306" - }, - { - "name" : "104621", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104621" - }, - { - "name" : "1041269", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka \"Microsoft Wireless Display Adapter Command Injection Vulnerability.\" This affects Microsoft Wireless Display Adapter V2 Software." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041269", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041269" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8306", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8306" + }, + { + "name": "104621", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104621" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8331.json b/2018/8xxx/CVE-2018-8331.json index a5cf1d2ad90..9bd7bb08c88 100644 --- a/2018/8xxx/CVE-2018-8331.json +++ b/2018/8xxx/CVE-2018-8331.json 
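Review bot: `ASSIGNER` changes from `Secure@Microsoft.com` to `secure@microsoft.com` in this hunk and in the CVE-2018-8331 hunk that follows, a value change inside hunks that otherwise only reformat and reorder as far as the visible lines show. Consumers that group or filter records by assigner with a case-sensitive comparison will treat this as a different assigner, so the commit message should state that the address was normalised and downstream matching should compare it case-insensitively. The `reference_data` entries are reordered as well, so nothing should depend on a reference's position in the array.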
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" - }, - { - "version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" - }, - { - "version_value" : "2016 for Mac" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2016 Click-to-Run (C2R) for 32-bit editions" + }, + { + "version_value": "2016 Click-to-Run (C2R) for 64-bit editions" + }, + { + "version_value": "2016 for Mac" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8331", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8331" - }, - { - "name" : "105206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105206" - }, - 
{ - "name" : "1041630", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105206" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8331", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8331" + }, + { + "name": "1041630", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041630" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8738.json b/2018/8xxx/CVE-2018-8738.json index e1ba43420ae..c2eadeea285 100644 --- a/2018/8xxx/CVE-2018-8738.json +++ b/2018/8xxx/CVE-2018-8738.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44986", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44986/" - }, - { - "name" : "https://www.raifberkaydincel.com/airties-air5444tt-airties-air5444-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "https://www.raifberkaydincel.com/airties-air5444tt-airties-air5444-cross-site-scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.raifberkaydincel.com/airties-air5444tt-airties-air5444-cross-site-scripting.html", + "refsource": "MISC", + "url": "https://www.raifberkaydincel.com/airties-air5444tt-airties-air5444-cross-site-scripting.html" + }, + { + "name": "44986", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44986/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8837.json b/2018/8xxx/CVE-2018-8837.json index d957c89572f..0b316822fce 100644 --- a/2018/8xxx/CVE-2018-8837.json +++ b/2018/8xxx/CVE-2018-8837.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-04-25T00:00:00", - "ID" : "CVE-2018-8837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess HMI Designer", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OUT-OF-BOUNDS WRITE CWE-787" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-04-25T00:00:00", + "ID": "CVE-2018-8837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess HMI Designer", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03" - }, - { - "name" : "103972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS WRITE CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103972" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8963.json b/2018/8xxx/CVE-2018-8963.json index 597bc5faa82..2f4bf7eb10a 100644 --- a/2018/8xxx/CVE-2018-8963.json +++ b/2018/8xxx/CVE-2018-8963.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/130", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/130", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/130" + } + ] + } +} \ No newline at end of file