diff --git a/2002/0xxx/CVE-2002-0488.json b/2002/0xxx/CVE-2002-0488.json index ea113d15498..69ef90f9ec1 100644 --- a/2002/0xxx/CVE-2002-0488.json +++ b/2002/0xxx/CVE-2002-0488.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020321 PHP script: Penguin Traceroute, Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/263285" - }, - { - "name" : "http://www.linux-directory.com/scripts/traceroute.pl", - "refsource" : "CONFIRM", - "url" : "http://www.linux-directory.com/scripts/traceroute.pl" - }, - { - "name" : "penguin-traceroute-command-execution(8600)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8600.php" - }, - { - "name" : "4332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux Directory Penguin 
traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020321 PHP script: Penguin Traceroute, Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/263285" + }, + { + "name": "http://www.linux-directory.com/scripts/traceroute.pl", + "refsource": "CONFIRM", + "url": "http://www.linux-directory.com/scripts/traceroute.pl" + }, + { + "name": "4332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4332" + }, + { + "name": "penguin-traceroute-command-execution(8600)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8600.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0743.json b/2002/0xxx/CVE-2002-0743.json index 210834829a8..e7f435022be 100644 --- a/2002/0xxx/CVE-2002-0743.json +++ b/2002/0xxx/CVE-2002-0743.json 
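Review bot: The `reference_data` array at the end of the CVE-2002-0488 hunk is emitted in a different order (the `BID` entry now precedes the `XF` entry) although no reference is added or removed. JSON array order is significant to consumers, so anyone diffing records to detect new or withdrawn references sees churn that carries no information. The same reshuffle appears in the CVE-2002-0760, CVE-2005-1214, CVE-2005-1287, CVE-2005-1315 and CVE-2005-1510 hunks. The serializer should either preserve the existing order or write the entries in a fixed order, for example sorted by `refsource` and then `name`. Each rewritten file also ends with `\ No newline at end of file`; a trailing newline would keep later diffs from flagging the final `}` line.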
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY29516", - "refsource" : "AIXAPAR", - "url" : "http://archives.neohapsis.com/archives/aix/2002-q2/0005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY29516", + "refsource": "AIXAPAR", + "url": "http://archives.neohapsis.com/archives/aix/2002-q2/0005.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2002/0xxx/CVE-2002-0760.json b/2002/0xxx/CVE-2002-0760.json index ddc34505a88..7b187ff868a 100644 --- a/2002/0xxx/CVE-2002-0760.json +++ b/2002/0xxx/CVE-2002-0760.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-02:25", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc" - }, - { - "name" : "CSSA-2002-039.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt" - }, - { - "name" : "4775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4775" - }, - { - "name" : "bzip2-decompression-race-condition(9127)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9127.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bzip2-decompression-race-condition(9127)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9127.php" + }, + { + "name": "CSSA-2002-039.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt" + }, + { + "name": "4775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4775" + }, + { + "name": "FreeBSD-SA-02:25", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2060.json b/2002/2xxx/CVE-2002-2060.json index ccae0a1ffab..bb80cb3d0d3 100644 --- a/2002/2xxx/CVE-2002-2060.json +++ b/2002/2xxx/CVE-2002-2060.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/download/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/download/ChangeLog" - }, - { - "name" : "4921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4921" - }, - { - "name" : "links-png-image-bo(9287)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9287.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/download/ChangeLog", + "refsource": "CONFIRM", + "url": "http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/download/ChangeLog" + }, + { + "name": "4921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4921" + }, + { + "name": "links-png-image-bo(9287)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9287.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0429.json b/2005/0xxx/CVE-2005-0429.json index bc7c6b9ba9f..89e082f7635 100644 --- a/2005/0xxx/CVE-2005-0429.json +++ b/2005/0xxx/CVE-2005-0429.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050213 vbulletin 3.0.x PHP code execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110840807415315&w=2" - }, - { - "name" : "12542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050213 vbulletin 3.0.x PHP code execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110840807415315&w=2" + }, + { + "name": "12542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12542" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0574.json b/2005/0xxx/CVE-2005-0574.json index a39554307e8..35883a8bcc5 100644 --- a/2005/0xxx/CVE-2005-0574.json +++ b/2005/0xxx/CVE-2005-0574.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050225 CIS WebServer Directory Traversal Bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/391560" - }, - { - "name" : "12662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050225 CIS WebServer Directory Traversal Bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/391560" + }, + { + "name": "12662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12662" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1036.json b/2005/1xxx/CVE-2005-1036.json index 5e723a0cdcb..dbedd018d77 100644 --- a/2005/1xxx/CVE-2005-1036.json +++ b/2005/1xxx/CVE-2005-1036.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-05:03", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-05:03", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1083.json b/2005/1xxx/CVE-2005-1083.json index ce04003545e..748a3f7f31f 100644 --- a/2005/1xxx/CVE-2005-1083.json +++ b/2005/1xxx/CVE-2005-1083.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14913" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1214.json b/2005/1xxx/CVE-2005-1214.json index 0f8da2019fc..110149fbdf6 100644 --- a/2005/1xxx/CVE-2005-1214.json 
+++ b/2005/1xxx/CVE-2005-1214.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2005-1214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-032" - }, - { - "name" : "13948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13948" - }, - { - "name" : "oval:org.mitre.oval:def:1194", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1194" - }, - { - "name" : "oval:org.mitre.oval:def:682", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A682" - }, - { - "name" : "oval:org.mitre.oval:def:906", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A906" - }, - { - "name" : "15689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:682", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A682" + }, + { + "name": "MS05-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-032" + }, + { + "name": "13948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13948" + }, + { + "name": "15689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15689" + }, + { + "name": "oval:org.mitre.oval:def:906", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A906" + }, + { + "name": "oval:org.mitre.oval:def:1194", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1194" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1287.json b/2005/1xxx/CVE-2005-1287.json index 7bc59c590fd..59997e3553d 100644 --- a/2005/1xxx/CVE-2005-1287.json +++ b/2005/1xxx/CVE-2005-1287.json 
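Review bot: In the CVE-2005-1214 hunk `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com`, the only value change among the hunks visible here; all the others differ only in whitespace and reference order. Tooling that uses `ASSIGNER` to attribute a record to its CNA will treat this as a change of provenance, and a reviewer can easily miss it inside a whole-file reformat. If the reassignment is intended (the `MS05-032` reference suggests it may be), it would be better made in a separate commit, or at least named in the commit message, so it can be audited on its own.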
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050423 Multiple Sql injection vulnerabilities in BK Forum v.4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111428133317901&w=2" - }, - { - "name" : "20060421 BK Forum <<--V.4.0 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431659/100/0/threaded" - }, - { - "name" : "20060423 BK Forum <= 4.0 Remote SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431863/100/0/threaded" - }, - { - "name" : "http://www.digitalparadox.org/advisories/bkdev.txt", - "refsource" : "MISC", - "url" : "http://www.digitalparadox.org/advisories/bkdev.txt" - }, - { - "name" : "15784", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/15784" - }, - { - "name" : "15785", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15785" - }, - { - "name" : "15786", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15786" - }, - { - "name" : "1013793", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013793" - }, - { - "name" : "15072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15784", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15784" + }, + { + "name": "20060423 BK Forum <= 4.0 Remote SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431863/100/0/threaded" + }, + { + "name": "15786", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15786" + }, + { + "name": "20050423 Multiple Sql injection vulnerabilities in BK Forum v.4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111428133317901&w=2" + }, + { + "name": "15072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15072" + }, + { + "name": "1013793", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013793" + }, + { + "name": "http://www.digitalparadox.org/advisories/bkdev.txt", + "refsource": "MISC", + "url": "http://www.digitalparadox.org/advisories/bkdev.txt" + }, + { + "name": "15785", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15785" + 
}, + { + "name": "20060421 BK Forum <<--V.4.0 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431659/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1315.json b/2005/1xxx/CVE-2005-1315.json index d79d32417b0..a03649c9077 100644 --- a/2005/1xxx/CVE-2005-1315.json +++ b/2005/1xxx/CVE-2005-1315.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[turba] 20050422 Turba 1.2.5 (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/turba/Week-of-Mon-20050418/004182.html" - }, - { - "name" : "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.61.2.74&r2=1.61.2.77&ty=h", - "refsource" : "CONFIRM", - "url" : "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.61.2.74&r2=1.61.2.77&ty=h" - }, - { - "name" : "15074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to 
inject arbitrary web script or HTML via the parent's frame page title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.61.2.74&r2=1.61.2.77&ty=h", + "refsource": "CONFIRM", + "url": "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.61.2.74&r2=1.61.2.77&ty=h" + }, + { + "name": "15074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15074" + }, + { + "name": "[turba] 20050422 Turba 1.2.5 (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/turba/Week-of-Mon-20050418/004182.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1510.json b/2005/1xxx/CVE-2005-1510.json index 2b3e1e35cb5..2190e7e2dcc 100644 --- a/2005/1xxx/CVE-2005-1510.json +++ b/2005/1xxx/CVE-2005-1510.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111565808024581&w=2" - }, - { - "name" : "16234", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16234" - }, - { - "name" : "15315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16234", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16234" + }, + { + "name": "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111565808024581&w=2" + }, + { + "name": "15315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15315" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1604.json b/2005/1xxx/CVE-2005-1604.json index 3cd65deeb45..df085a345dd 100644 --- a/2005/1xxx/CVE-2005-1604.json +++ b/2005/1xxx/CVE-2005-1604.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in \"php.ns\", which allows execution of arbitrary PHP code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050506 PHP Advanced Transfer Manager v1.21", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2005/May/0075.html" - }, - { - "name" : "20051029 uplod phpshell in PHP Advanced Transfer Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415172" - }, - { - "name" : "20051030 Re: uplod phpshell in PHP Advanced Transfer Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/415300/30/0/threaded" - }, - { - "name" : "13542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13542" - }, - { - "name" : "16160", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16160" 
- }, - { - "name" : "15279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in \"php.ns\", which allows execution of arbitrary PHP code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050506 PHP Advanced Transfer Manager v1.21", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2005/May/0075.html" + }, + { + "name": "20051029 uplod phpshell in PHP Advanced Transfer Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415172" + }, + { + "name": "15279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15279" + }, + { + "name": "16160", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16160" + }, + { + "name": "13542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13542" + }, + { + "name": "20051030 Re: uplod phpshell in PHP Advanced Transfer Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/415300/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4503.json b/2005/4xxx/CVE-2005-4503.json index d7b3a33c510..d4cc12f99dd 100644 --- a/2005/4xxx/CVE-2005-4503.json +++ b/2005/4xxx/CVE-2005-4503.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of service (crash) via a long Server field in an HTTP response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420101/100/0/threaded" - }, - { - "name" : "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040532.html" - }, - { - "name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf" - }, - { - "name" : "http://net-square.com/httprint/#history", - "refsource" : "CONFIRM", - "url" : "http://net-square.com/httprint/#history" 
- }, - { - "name" : "16031", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16031" - }, - { - "name" : "ADV-2005-3070", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3070" - }, - { - "name" : "21917", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21917" - }, - { - "name" : "1015403", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015403" - }, - { - "name" : "18208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18208" - }, - { - "name" : "httprint-response-header-dos(23886)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of service (crash) via a long Server field in an HTTP response." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-3070", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3070" + }, + { + "name": "1015403", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015403" + }, + { + "name": "18208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18208" + }, + { + "name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf" + }, + { + "name": "http://net-square.com/httprint/#history", + "refsource": "CONFIRM", + "url": "http://net-square.com/httprint/#history" + }, + { + "name": "16031", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16031" + }, + { + "name": "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420101/100/0/threaded" + }, + { + "name": "21917", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21917" + }, + { + "name": "httprint-response-header-dos(23886)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23886" + }, + { + "name": "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040532.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0048.json b/2009/0xxx/CVE-2009-0048.json index ed079d85da0..828fcf829f6 100644 --- a/2009/0xxx/CVE-2009-0048.json +++ b/2009/0xxx/CVE-2009-0048.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2008-016.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2008-016.html" - }, - { - "name" : "ADV-2009-0047", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded" + }, + { + "name": "ADV-2009-0047", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0047" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2008-016.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2008-016.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0062.json b/2009/0xxx/CVE-2009-0062.json index 6368cbde227..74cceec9273 100644 --- a/2009/0xxx/CVE-2009-0062.json +++ b/2009/0xxx/CVE-2009-0062.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" - }, - { - "name" : "33608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33608" - }, - { - "name" : "1021678", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021678" - }, - { - "name" : "33749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33749" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" + }, + { + "name": "33608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33608" + }, + { + "name": "33749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33749" + }, + { + "name": "1021678", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021678" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0421.json b/2009/0xxx/CVE-2009-0421.json index f21eb190f3a..23b6b027415 100644 --- a/2009/0xxx/CVE-2009-0421.json +++ b/2009/0xxx/CVE-2009-0421.json 
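Review bot: The `ASSIGNER` value for CVE-2009-0062 changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, and it is easy to miss because the rest of the hunk is key-spacing and reference-order churn; the other records visible here keep `cve@mitre.org`. Consumers that read `CVE_data_meta.ASSIGNER` for provenance or CNA attribution will see a different owner for this record. The reassignment should be a separate commit, or at least get a line in the commit message such as `CVE-2009-0062: ASSIGNER reassigned to psirt@cisco.com`. The `affects` block still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Cisco WLC products; if the reassignment is intended, those fields could presumably be populated as well, to be confirmed with the CNA.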
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7793", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7793" - }, - { - "name" : "33296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33296" - }, - { - "name" : "33563", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33563" - }, - { - "name" : "eventing-index-sql-injection(48016)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33296" + }, + { + "name": "7793", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7793" + }, + { + "name": "33563", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33563" + }, + { + "name": "eventing-index-sql-injection(48016)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48016" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0735.json b/2009/0xxx/CVE-2009-0735.json index 63fa1dfbe94..2b0ad110908 100644 --- a/2009/0xxx/CVE-2009-0735.json +++ b/2009/0xxx/CVE-2009-0735.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8030", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8030" - }, - { - "name" : "33718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33718" - }, - { - "name" : "33911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled 
and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8030", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8030" + }, + { + "name": "33718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33718" + }, + { + "name": "33911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33911" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0852.json b/2009/0xxx/CVE-2009-0852.json index 93702d3c8aa..d5e751fbe90 100644 --- a/2009/0xxx/CVE-2009-0852.json +++ b/2009/0xxx/CVE-2009-0852.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "showme.php in CelerBB 0.0.2 allows remote attackers to obtain \"reserved information\" via the user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090305 CelerBB 0.0.2 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501481/100/0/threaded" - }, - { - "name" : "8161", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8161" - }, - { - "name" : "34014", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "showme.php in CelerBB 0.0.2 allows remote attackers to obtain \"reserved information\" via the user parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34014", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34014" + }, + { + "name": "8161", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8161" + }, + { + "name": "20090305 CelerBB 0.0.2 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501481/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1091.json b/2009/1xxx/CVE-2009-1091.json index 8a0461a68a1..dbd9454eab9 100644 --- a/2009/1xxx/CVE-2009-1091.json +++ b/2009/1xxx/CVE-2009-1091.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090314 [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501854/100/0/threaded" - }, - { - "name" : "http://security.bkis.vn/?p=345", - "refsource" : "MISC", - "url" : "http://security.bkis.vn/?p=345" - }, - { - "name" : "34119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34119" - }, - { - "name" : "52754", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52754" - }, - { - "name" : "34300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34300" - }, - { - "name" : "rapidleech-upload-xss(49257)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49257" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech rev.36 and earlier allows remote attackers to inject arbitrary web script or HTML via the uploaded parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52754", + "refsource": "OSVDB", + "url": "http://osvdb.org/52754" + }, + { + "name": "http://security.bkis.vn/?p=345", + "refsource": "MISC", + "url": "http://security.bkis.vn/?p=345" + }, + { + "name": "34300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34300" + }, + { + "name": "34119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34119" + }, + { + "name": "20090314 [Bkis-03-2009] Multiple Vulnerabilities found in Rapidleech rev.36", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501854/100/0/threaded" + }, + { + "name": "rapidleech-upload-xss(49257)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49257" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1218.json b/2009/1xxx/CVE-2009-1218.json index faff16be931..cdc95177908 100644 --- a/2009/1xxx/CVE-2009-1218.json +++ b/2009/1xxx/CVE-2009-1218.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502320/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/sun-calendar-express", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/sun-calendar-express" - }, - { - "name" : "256228", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1" - }, - { - "name" : "1020321", - "refsource" : "SUNALERT", - "url" : 
"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1" - }, - { - "name" : "34152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34152" - }, - { - "name" : "34153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34153" - }, - { - "name" : "ADV-2009-0905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0905" + }, + { + "name": "34153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34153" + }, + { + "name": "256228", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1" + }, + { + "name": "20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502320/100/0/threaded" + }, + { + "name": "http://www.coresecurity.com/content/sun-calendar-express", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/sun-calendar-express" + }, + { + "name": "34152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34152" + }, + { + "name": "1020321", + "refsource": "SUNALERT", + "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1481.json b/2009/1xxx/CVE-2009-1481.json index e1bd6921a4f..7471ab576fb 100644 --- a/2009/1xxx/CVE-2009-1481.json +++ b/2009/1xxx/CVE-2009-1481.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/34701.vbs", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/34701.vbs" - }, - { - "name" : "34701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34701" - }, - { - "name" : "53939", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53939" - }, - { - "name" : "34897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34897" - }, - { - "name" : "pjblog3-action-sql-injection(50082)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/50082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pjblog3-action-sql-injection(50082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50082" + }, + { + "name": "34701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34701" + }, + { + "name": "34897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34897" + }, + { + "name": "53939", + "refsource": "OSVDB", + "url": "http://osvdb.org/53939" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/34701.vbs", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/34701.vbs" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1661.json b/2009/1xxx/CVE-2009-1661.json index 63a69d25dc4..e48cd7079f6 100644 --- a/2009/1xxx/CVE-2009-1661.json +++ b/2009/1xxx/CVE-2009-1661.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090511 (POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release-->", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503422/100/0/threaded" - }, - { - "name" : "8655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8655" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=261386&release_id=680474", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=261386&release_id=680474" - }, - { - "name" : "34907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34907" - }, - { - "name" : "35051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35051" - }, - { - 
"name" : "ADV-2009-1288", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1288" - }, - { - "name" : "microtopic-rating-sql-injection(50428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=261386&release_id=680474", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=261386&release_id=680474" + }, + { + "name": "20090511 (POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release-->", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503422/100/0/threaded" + }, + { + "name": "35051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35051" + }, + { + "name": "34907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34907" + }, + { + "name": "8655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8655" + }, + { + "name": "ADV-2009-1288", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1288" + }, + { + "name": "microtopic-rating-sql-injection(50428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50428" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1867.json b/2009/1xxx/CVE-2009-1867.json index e41f74a17ba..379a2e9823b 100644 
--- a/2009/1xxx/CVE-2009-1867.json +++ b/2009/1xxx/CVE-2009-1867.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"clickjacking vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html" - }, - { - "name" : "http://support.apple.com/kb/HT3864", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3864" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "APPLE-SA-2009-09-10-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "GLSA-200908-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200908-04.xml" - }, - { - "name" : "266108", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" - }, - { - "name" : "35890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35890" - }, - { - "name" : "35905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35905" - }, - { - "name" : "56775", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56775" - }, - { - "name" : "oval:org.mitre.oval:def:6694", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694" - }, - { - "name" : "oval:org.mitre.oval:def:15430", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430" - }, - { - "name" : "1022629", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022629" - }, - { - "name" : "36193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36193" - }, - { - "name" : "36374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36374" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "ADV-2009-2086", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2086" - }, - { - "name" : "flash-air-unspecified-clickjacking(52183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a \"clickjacking vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "266108", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1" + }, + { + "name": "flash-air-unspecified-clickjacking(52183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52183" + }, + { + "name": "APPLE-SA-2009-09-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html" + }, + { + "name": "GLSA-200908-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200908-04.xml" + }, + { + "name": "http://support.apple.com/kb/HT3864", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3864" + }, + { + "name": "oval:org.mitre.oval:def:6694", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6694" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html" + }, + { + "name": "1022629", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022629" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "56775", + "refsource": "OSVDB", + "url": "http://osvdb.org/56775" + }, + { + "name": "ADV-2009-2086", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2086" + }, + { + "name": 
"oval:org.mitre.oval:def:15430", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15430" + }, + { + "name": "35890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35890" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" + }, + { + "name": "36374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36374" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36193" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "35905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35905" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4134.json b/2009/4xxx/CVE-2009-4134.json index 9698d7009bf..a9ca196e46c 100644 --- a/2009/4xxx/CVE-2009-4134.json +++ b/2009/4xxx/CVE-2009-4134.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-4134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.python.org/issue8678", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue8678" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=541698", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=541698" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "MDVSA-2010:215", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:215" - }, - { - "name" : "RHSA-2011:0027", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0027.html" - }, - { - "name" : "RHSA-2011:0260", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0260.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "40361", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40361" - }, - { - "name" : "42888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42888" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43364" - }, - { - "name" : "ADV-2011-0122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0122" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0413", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "43364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43364" + }, + { + "name": "ADV-2011-0413", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0413" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "ADV-2011-0122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0122" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=541698", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541698" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "42888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42888" + }, + { + "name": "40361", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40361" + }, + { + "name": "RHSA-2011:0027", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html" + }, + { + "name": "MDVSA-2010:215", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215" + }, + { + "name": "http://bugs.python.org/issue8678", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue8678" + }, + { + "name": "RHSA-2011:0260", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2011-0260.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4553.json b/2009/4xxx/CVE-2009-4553.json index 3ee79d5db2d..1f31e830389 100644 --- a/2009/4xxx/CVE-2009-4553.json +++ b/2009/4xxx/CVE-2009-4553.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a .m3u playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9392", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9392" - }, - { - "name" : "irehearse-m3u-dos(55479)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a .m3u playlist file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9392", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9392" + }, + { + "name": "irehearse-m3u-dos(55479)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55479" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2194.json b/2012/2xxx/CVE-2012-2194.json index b363b0c45d7..b36a6704e40 100644 --- a/2012/2xxx/CVE-2012-2194.json +++ b/2012/2xxx/CVE-2012-2194.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21600837", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" - }, - { - "name" : "IC84019", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019" - }, - { - "name" : "IC84711", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711" - }, - { - "name" : "IC84714", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714" - }, - { - "name" : "IC84715", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715" - }, - { - "name" : 
"IC84716", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716" - }, - { - "name" : "54487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54487" - }, - { - "name" : "49919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49919" + }, + { + "name": "54487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54487" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837" + }, + { + "name": "IC84711", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711" + }, + { + "name": "IC84019", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019" + }, + { + "name": "IC84716", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716" + }, + { + "name": "IC84714", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714" + }, + { + "name": "IC84715", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/2xxx/CVE-2012-2201.json b/2012/2xxx/CVE-2012-2201.json index ca9add63c6d..bb1a679652f 100644 --- a/2012/2xxx/CVE-2012-2201.json +++ b/2012/2xxx/CVE-2012-2201.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2201", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2201", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2795.json b/2012/2xxx/CVE-2012-2795.json index c6d8a7b11e1..ed58690a85b 100644 --- a/2012/2xxx/CVE-2012-2795.json +++ b/2012/2xxx/CVE-2012-2795.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of \"mclms arrays,\" (2) \"a get_bits(0) in decode_ac_filter,\" and (3) \"too many bits in decode_channel_residues().\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2a7063de547b1d8fb1cef523469390fb59fb2c50", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2a7063de547b1d8fb1cef523469390fb59fb2c50" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0abefb0af64a311b15141062c77dd577ba590a3", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0abefb0af64a311b15141062c77dd577ba590a3" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b3a43515827f3d22a881c33b87384f01c86786fd", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b3a43515827f3d22a881c33b87384f01c86786fd" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of \"mclms arrays,\" (2) \"a get_bits(0) in decode_ac_filter,\" and (3) \"too many bits in decode_channel_residues().\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2a7063de547b1d8fb1cef523469390fb59fb2c50", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2a7063de547b1d8fb1cef523469390fb59fb2c50" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "[oss-security] 
20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b3a43515827f3d22a881c33b87384f01c86786fd", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b3a43515827f3d22a881c33b87384f01c86786fd" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0abefb0af64a311b15141062c77dd577ba590a3", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0abefb0af64a311b15141062c77dd577ba590a3" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2863.json b/2012/2xxx/CVE-2012-2863.json index 4c1e376c3e9..98fd6af3f23 100644 --- a/2012/2xxx/CVE-2012-2863.json +++ b/2012/2xxx/CVE-2012-2863.json 
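Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `security@google.com`, and it is the only semantic change in a hunk that otherwise just rewrites `" : "` as `": "` and reorders `reference_data`, so it is easy to miss in review. ASSIGNER records which CNA owns the entry, and the description here concerns FFmpeg's libavcodec/wmalosslessdec.c, so the new value cannot be checked from the diff alone; it should be confirmed against the CNA's assignment record and carried in its own commit, separate from the formatting pass. The same kind of ASSIGNER change is buried in the reformatted hunks for CVE-2009-4134 (`secalert@redhat.com`), CVE-2012-2194 (`psirt@us.ibm.com`) and CVE-2012-2863 (`security@google.com`). Consumers that hash or compare these records byte-for-byte should also expect the `\ No newline at end of file` marker that now ends every file in this diff.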
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=136968", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=136968" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=137361", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=137361" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14823", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=137361", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=137361" + }, + { + "name": "oval:org.mitre.oval:def:14823", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14823" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=136968", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=136968" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3507.json b/2012/3xxx/CVE-2012-3507.json index 85ec9fb2a09..43d548d5ecd 100644 --- a/2012/3xxx/CVE-2012-3507.json +++ b/2012/3xxx/CVE-2012-3507.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120820 CVE-request: Roundcube XSS issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/20/2" - }, - { - "name" : "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/20/9" - }, - { - "name" : "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/20/3" - }, - { - "name" : "http://www.securelist.com/en/advisories/50212", - "refsource" : "MISC", - "url" : "http://www.securelist.com/en/advisories/50212" - }, - { - "name" : 
"http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/" - }, - { - "name" : "http://trac.roundcube.net/ticket/1488519", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/ticket/1488519" - }, - { - "name" : "50212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/20/3" + }, + { + "name": "http://www.securelist.com/en/advisories/50212", + "refsource": "MISC", + "url": "http://www.securelist.com/en/advisories/50212" + }, + { + "name": "http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/" + }, + { + "name": "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/20/9" + }, + { + "name": "[oss-security] 20120820 CVE-request: Roundcube XSS issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/20/2" + }, + { + "name": "http://trac.roundcube.net/ticket/1488519", + "refsource": "CONFIRM", + "url": 
"http://trac.roundcube.net/ticket/1488519" + }, + { + "name": "50212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50212" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3660.json b/2012/3xxx/CVE-2012-3660.json index e5ae2760a3e..643fbfba57d 100644 --- a/2012/3xxx/CVE-2012-3660.json +++ b/2012/3xxx/CVE-2012-3660.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85369", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85369" - }, - { - "name" : "oval:org.mitre.oval:def:16780", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16780" - }, - { - "name" : "apple-itunes-webkit-cve20123660(78530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "85369", + "refsource": "OSVDB", + "url": "http://osvdb.org/85369" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "oval:org.mitre.oval:def:16780", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16780" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "apple-itunes-webkit-cve20123660(78530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78530" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3770.json b/2012/3xxx/CVE-2012-3770.json index 1a4c2de207d..892d79ce0c9 100644 --- a/2012/3xxx/CVE-2012-3770.json +++ b/2012/3xxx/CVE-2012-3770.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3770",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-3770",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3807.json b/2012/3xxx/CVE-2012-3807.json
index 8f858862d2c..5103120ecc3 100644
--- a/2012/3xxx/CVE-2012-3807.json
+++ b/2012/3xxx/CVE-2012-3807.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3807",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-3807",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4411.json b/2012/4xxx/CVE-2012-4411.json
index a380ca70cd7..6ffeb55c80b 100644
--- a/2012/4xxx/CVE-2012-4411.json
+++ b/2012/4xxx/CVE-2012-4411.json
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-announce] 20120906 Xen Security Advisory 19 - guest administrator can access qemu monitor console", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html" - }, - { - "name" : "[Xen-announce] 20120907 Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console", - "refsource" : "MLIST", - "url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html" - }, - { - "name" : "[oss-security] 20120906 Re: Xen Security Advisory 19 - guest administrator can access qemu monitor console", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/06/7" - }, - { - "name" : "[oss-security] 
20120906 Xen Security Advisory 19 - guest administrator can access qemu monitor console", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/06/2" - }, - { - "name" : "[oss-security] 20120907 Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/07/5" - }, - { - "name" : "DSA-2543", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2543" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "GLSA-201604-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201604-03" - }, - { - "name" : "SUSE-SU-2012:1486", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html" - }, - { - "name" : "SUSE-SU-2012:1487", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html" - }, - { - "name" : "openSUSE-SU-2012:1572", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "openSUSE-SU-2012:1573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" - }, - { - "name" : "55442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55442" - }, - { - "name" : "50493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50493" - }, - { - "name" : "51413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51413" - }, - { - "name" : "51324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51324" - }, - { - "name" : "51352", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51352" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "51413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51413" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "SUSE-SU-2012:1486", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html" + }, + { + "name": "DSA-2543", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2543" + }, + { + "name": "[Xen-announce] 20120906 Xen Security Advisory 19 - guest administrator can access qemu monitor console", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html" + }, + { + "name": "[oss-security] 20120906 Xen Security Advisory 19 - guest administrator can access qemu monitor console", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/06/2" + }, + { + "name": "[oss-security] 20120906 Re: Xen Security Advisory 19 - guest administrator can access qemu monitor console", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/06/7" + }, + { + "name": 
"55442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55442" + }, + { + "name": "openSUSE-SU-2012:1572", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" + }, + { + "name": "[Xen-announce] 20120907 Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console", + "refsource": "MLIST", + "url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html" + }, + { + "name": "SUSE-SU-2012:1487", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "51352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51352" + }, + { + "name": "51324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51324" + }, + { + "name": "GLSA-201604-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201604-03" + }, + { + "name": "openSUSE-SU-2012:1573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" + }, + { + "name": "50493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50493" + }, + { + "name": "[oss-security] 20120907 Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/5" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4689.json b/2012/4xxx/CVE-2012-4689.json index 191bf294fbe..632881bb53b 100644 --- a/2012/4xxx/CVE-2012-4689.json +++ b/2012/4xxx/CVE-2012-4689.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-4689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153", - "refsource" : "MISC", - "url" : "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process 
Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf" + }, + { + "name": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153", + "refsource": "MISC", + "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6273.json b/2012/6xxx/CVE-2012-6273.json index 3a3876de21e..9e2507b2891 100644 --- a/2012/6xxx/CVE-2012-6273.json +++ b/2012/6xxx/CVE-2012-6273.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-6273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#990652", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/990652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#990652", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/990652" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/6xxx/CVE-2012-6685.json b/2012/6xxx/CVE-2012-6685.json
index ed0208ffaf0..a74281cd021 100644
--- a/2012/6xxx/CVE-2012-6685.json
+++ b/2012/6xxx/CVE-2012-6685.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-6685",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-6685",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/6xxx/CVE-2012-6687.json b/2012/6xxx/CVE-2012-6687.json
index 2b3de01ca59..b5b10f650ea 100644
--- a/2012/6xxx/CVE-2012-6687.json
+++ b/2012/6xxx/CVE-2012-6687.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150206 CVE request for denial-of-service vulnerability in fcgi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/06/4" - }, - { - "name" : "[oss-security] 20150207 Re: CVE request for denial-of-service vulnerability in fcgi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/02/07/4" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=1189958", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1189958" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0184.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0184.html" - }, - { - "name" : "libfcgi-connections-dos(100696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1189958", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189958" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0184.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0184.html" + }, + { + "name": "[oss-security] 20150207 Re: CVE request for denial-of-service vulnerability in fcgi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/07/4" + }, + { + "name": "libfcgi-connections-dos(100696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100696" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591" + }, + { + "name": 
"[oss-security] 20150206 CVE request for denial-of-service vulnerability in fcgi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/02/06/4" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6699.json b/2012/6xxx/CVE-2012-6699.json index b9e4e479fd1..8dff22d2264 100644 --- a/2012/6xxx/CVE-2012-6699.json +++ b/2012/6xxx/CVE-2012-6699.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/02/1" - }, - { - "name" : "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/12/03/1" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226" - }, - { - "name" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch", - "refsource" : "CONFIRM", - "url" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch" - }, - { - "name" : "DSA-3534", - "refsource" 
: "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226" + }, + { + "name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/02/1" + }, + { + "name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch", + "refsource": "CONFIRM", + "url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch" + }, + { + "name": "DSA-3534", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3534" + }, + { + "name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/12/03/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5389.json b/2015/5xxx/CVE-2015-5389.json index f8a42a74231..8e2072ab9da 100644 --- a/2015/5xxx/CVE-2015-5389.json +++ b/2015/5xxx/CVE-2015-5389.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-5389",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-5389",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/5xxx/CVE-2015-5710.json b/2015/5xxx/CVE-2015-5710.json
index ee71ece2873..b4ec0105e7b 100644
--- a/2015/5xxx/CVE-2015-5710.json
+++ b/2015/5xxx/CVE-2015-5710.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2015-5710",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-5710",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2482.json b/2017/2xxx/CVE-2017-2482.json
index f421664fb50..1e5a49e0f74 100644
--- a/2017/2xxx/CVE-2017-2482.json
+++ b/2017/2xxx/CVE-2017-2482.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41796", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41796/" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - 
"url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41796", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41796/" + }, + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2884.json b/2017/2xxx/CVE-2017-2884.json index 45fce5369b4..9f66071e44c 100644 --- a/2017/2xxx/CVE-2017-2884.json +++ b/2017/2xxx/CVE-2017-2884.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Circle", - "version" : { - "version_data" : [ - { - "version_value" : "firmware 2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Circle Media" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Circle", + "version": { + "version_data": [ + { + "version_value": "firmware 2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Circle Media" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0391", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable vulnerability exists in the user photo update functionality of Circle 
with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0391", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0391" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11150.json b/2018/11xxx/CVE-2018-11150.json index cc5c6675d58..f4a15035e1c 100644 --- a/2018/11xxx/CVE-2018-11150.json +++ b/2018/11xxx/CVE-2018-11150.json 
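Review bot: In CVE-2017-2884.json the `problemtype` value is carried over as `authentication bypass`, while the description in the same record speaks of crafted API calls corrupting essential memory and bricking the device; the two do not obviously describe the same weakness. This commit only reformats the record, so the value is untouched, but consumers that triage or filter by problem type may misfile the entry if the classification is wrong. It is worth checking against the TALOS-2017-0391 report the record references and, if needed, asking the assigning CNA to correct the `problemtype` text.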
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/71" - }, - { - "name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" - }, - { - "name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/71" + }, + { + "name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" + }, + { + "name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11665.json b/2018/11xxx/CVE-2018-11665.json index f259a4fd6ba..161024c24d1 100644 --- a/2018/11xxx/CVE-2018-11665.json +++ b/2018/11xxx/CVE-2018-11665.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11665",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11665",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11816.json b/2018/11xxx/CVE-2018-11816.json
index 25e6e2836de..519caf288a0 100644
--- a/2018/11xxx/CVE-2018-11816.json
+++ b/2018/11xxx/CVE-2018-11816.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11816",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11816",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14816.json b/2018/14xxx/CVE-2018-14816.json
index 6b7e16d2b57..418986e2e76 100644
--- a/2018/14xxx/CVE-2018-14816.json
+++ b/2018/14xxx/CVE-2018-14816.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-23T00:00:00", - "ID" : "CVE-2018-14816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "WebAccess Versions 8.3.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-23T00:00:00", + "ID": "CVE-2018-14816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "WebAccess Versions 8.3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," - }, - { - "name" : "105728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105728" - }, - { - "name" : "1041939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041939" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," + }, + { + "name": "105728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105728" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14911.json b/2018/14xxx/CVE-2018-14911.json index 4685d420f63..6f1811d222e 100644 --- a/2018/14xxx/CVE-2018-14911.json +++ b/2018/14xxx/CVE-2018-14911.json 
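Review bot: The ICS-CERT reference in CVE-2018-14816.json still ends in a comma in both `name` and `url` (`"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"`), which looks like a stray character from a pasted list rather than part of the advisory path. Tools that follow or de-duplicate references by URL will treat this as a distinct and probably non-resolving link, so the vendor advisory can be missed when correlating the record. I would drop the comma in both fields, for example `"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01"`.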
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka \"Allow upload file suffix\") setting, and must use \"php,php\" in this setting to bypass the \"php\" restriction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/yxcmf/ukcms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/yxcmf/ukcms/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A file upload vulnerability exists in ukcms v1.1.7 and earlier. 
The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka \"Allow upload file suffix\") setting, and must use \"php,php\" in this setting to bypass the \"php\" restriction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/yxcmf/ukcms/issues/1", + "refsource": "MISC", + "url": "https://github.com/yxcmf/ukcms/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15085.json b/2018/15xxx/CVE-2018-15085.json index 582b2a4dc85..acfc4277f02 100644 --- a/2018/15xxx/CVE-2018-15085.json +++ b/2018/15xxx/CVE-2018-15085.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15085",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15085",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15747.json b/2018/15xxx/CVE-2018-15747.json
index 2eb128e9260..bcd1958a96f 100644
--- a/2018/15xxx/CVE-2018-15747.json
+++ b/2018/15xxx/CVE-2018-15747.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15747",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15747",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15799.json b/2018/15xxx/CVE-2018-15799.json
index da2e2e1be63..d7dc63bc17b 100644
--- a/2018/15xxx/CVE-2018-15799.json
+++ b/2018/15xxx/CVE-2018-15799.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15799",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-15799",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15997.json b/2018/15xxx/CVE-2018-15997.json
index 44baef7fa71..47e5e82c4b6 100644
--- a/2018/15xxx/CVE-2018-15997.json
+++ b/2018/15xxx/CVE-2018-15997.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8053.json b/2018/8xxx/CVE-2018-8053.json index 9b5dd75023a..8d0048b33cf 100644 --- a/2018/8xxx/CVE-2018-8053.json +++ b/2018/8xxx/CVE-2018-8053.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8053", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8053", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/8xxx/CVE-2018-8207.json b/2018/8xxx/CVE-2018-8207.json
index 171d50403f1..82038c880c5 100644
--- a/2018/8xxx/CVE-2018-8207.json
+++ b/2018/8xxx/CVE-2018-8207.json
@@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } 
- }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": 
"x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8207", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8207" - }, - { - "name" : "104379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104379" - }, - { - "name" : "1041113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows 
Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041113" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8207", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8207" + }, + { + "name": "104379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104379" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8278.json b/2018/8xxx/CVE-2018-8278.json index 895710c6464..638e8d2718b 100644 --- a/2018/8xxx/CVE-2018-8278.json +++ b/2018/8xxx/CVE-2018-8278.json 
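Review bot: The `ASSIGNER` value in the CVE-2018-8207 record changes from `Secure@Microsoft.com` to `secure@microsoft.com` inside what is otherwise a whitespace-only rewrite. Any consumer that matches or groups records by assigner with a case-sensitive comparison will see a different value, and the same change appears in the CVE-2018-8278 and CVE-2018-8547 hunks. The `reference_data` entries are also reordered here and in CVE-2018-8278 (SECTRACK moves first), which a JSON parser ignores but which adds noise around the one real value change. Each rewritten file now ends with `}` and `\ No newline at end of file`; keeping the final newline would avoid a spurious diff on the next edit.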
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8278", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8278" - }, - { - "name" : "104627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104627" - }, - { - "name" : "1041255", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041255" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041255", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041255" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8278", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8278" + }, + { + "name": "104627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104627" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8547.json b/2018/8xxx/CVE-2018-8547.json index fc36f2b3930..6f59fd47ec0 100644 --- a/2018/8xxx/CVE-2018-8547.json +++ b/2018/8xxx/CVE-2018-8547.json 
@@ -1,160 +1,160 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for ARM64-based Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for ARM64-based Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - 
"vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka \"Active Directory Federation Services XSS Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + 
"version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8547", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8547" - }, - { - "name" : "105801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka \"Active Directory Federation Services XSS Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8547", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8547" + }, + { + "name": "105801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105801" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8754.json b/2018/8xxx/CVE-2018-8754.json index 8eb92a43eb9..3d85a5229f4 100644 --- a/2018/8xxx/CVE-2018-8754.json +++ b/2018/8xxx/CVE-2018-8754.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734", - "refsource" : "MISC", - "url" : "https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734" - }, - { - "name" : "DSA-4160", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check 
for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734", + "refsource": "MISC", + "url": "https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734" + }, + { + "name": "DSA-4160", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4160" + } + ] + } +} \ No newline at end of file